ccr@centc:~$ sudo certbot --nginx --agree-tos --redirect --hsts --email ccr@centc.ca -d mail.centc.ca
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.centc.ca
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. mail.centc.ca (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for mail.centc.ca
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: mail.centc.ca
Type: None
Detail: DNS problem: NXDOMAIN looking up A for mail.centc.ca
If you want to have a certificate, you need a public visible domain. But if you want to use http-01 - validation, then you need a public visible ip address and a running webserver.
If this isn't possible, you can use dns-01 - validation to create a new certificate.