Do I need to register the domain first in order to create the Cert?

Having trouble understanding how to create a Cert via pfSense. I want to only secure the webConfigurator using my intranet domain name, which is not a registered domain. Does this mean I need to register the domain first in order to successfully create the Cert?

MSG:

[Wed May 4 11:04:03 MDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed May 4 11:04:03 MDT 2022] Standalone mode.
[Wed May 4 11:04:03 MDT 2022] Single domain='xxxxxxxxxx.net'
[Wed May 4 11:04:03 MDT 2022] Getting domain auth token for each domain
[Wed May 4 11:04:31 MDT 2022] Getting webroot for domain='xxxxxxxxxx.net'
[Wed May 4 11:04:31 MDT 2022] Verifying: xxxxxxxxxx.net
[Wed May 4 11:04:31 MDT 2022] Standalone mode server
[Wed May 4 11:04:33 MDT 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Wed May 4 11:04:35 MDT 2022] xxxxxxxxxx.net:Verify error:DNS problem: NXDOMAIN looking up A for xxxxxxxxxx.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for xxxxxxxxxx.net - check that a DNS record exists for this domain
[Wed May 4 11:04:35 MDT 2022] Please check log file for more details: /tmp/acme/WEBGUI_CERT/acme_issuecert.log

Correct, you cannot get certificates from Let's Encrypt unless the name is registered in the public DNS.

4 Likes

To elaborate on Matthew's post: Let's Encrypt (LE) is a publicly trusted Certificate Authority (CA). Due to the publicly trusted nature, it is a requirement to validate the domains for which a certificate is requested. And this validation can only be done if the domain is actually a real, public domain. LE would not be able to validate your local domain.

See also:

7 Likes
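The failure in the log above can be triaged mechanically. The following is an added example, not part of the original posts and not acme.sh or pfSense code: it pulls the "Verify error" lines out of an issuance log and reports when the CA saw NXDOMAIN for both A and AAAA, which is the case the answers describe. The function names and the wording of the diagnosis strings are assumptions; the sample lines are copied from the question with its redacted domain.

```python
import re
from collections import defaultdict

# Sample input: three lines of the log posted in the question (domain as redacted there).
SAMPLE_LOG = """\
[Wed May 4 11:04:31 MDT 2022] Verifying: xxxxxxxxxx.net
[Wed May 4 11:04:33 MDT 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Wed May 4 11:04:35 MDT 2022] xxxxxxxxxx.net:Verify error:DNS problem: NXDOMAIN looking up A for xxxxxxxxxx.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for xxxxxxxxxx.net - check that a DNS record exists for this domain
"""

# "[timestamp] <domain>:Verify error:<detail>"
VERIFY_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<domain>[^\s:]+):Verify error:(?P<detail>.*)$")
# One detail line may carry several "DNS problem: <result> looking up <type> for <name>".
DNS_PROBLEM = re.compile(
    r"DNS problem: (?P<result>.+?) looking up (?P<rtype>[A-Z]+) for (?P<name>\S+)")


def verify_errors(log_text):
    """Return {domain: {record_type: dns_result}} for every 'Verify error' line."""
    found = defaultdict(dict)
    for line in log_text.splitlines():
        m = VERIFY_LINE.match(line.strip())
        if not m:
            continue
        problems = found[m["domain"]]  # keep the domain even if no DNS detail follows
        for p in DNS_PROBLEM.finditer(m["detail"]):
            problems[p["rtype"]] = p["result"]
    return dict(found)


def diagnose(problems):
    """Turn one domain's {record_type: dns_result} map into a short finding."""
    if not problems:
        return "validation failed for a non-DNS reason; check acme_issuecert.log"
    if {"A", "AAAA"} <= set(problems) and set(problems.values()) == {"NXDOMAIN"}:
        return "name does not exist in public DNS, so the CA cannot validate it"
    return "DNS lookup failed: " + ", ".join(
        f"{rtype}={result}" for rtype, result in sorted(problems.items()))


if __name__ == "__main__":
    for domain, problems in verify_errors(SAMPLE_LOG).items():
        print(f"{domain}: {diagnose(problems)}")
```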
