Docker cerbot ssl generation issue

My domain is:
shareforcures-local.com

I ran this command:
certbot certonly -v --webroot -w /var/www/certbot -d shareforcures-local.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for shareforcures-local.com
Performing the following challenges:
http-01 challenge for shareforcures-local.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain shareforcures-local.com
http-01 challenge for shareforcures-local.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: shareforcures-local.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for shareforcures-local.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for shareforcures-local.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

The operating system my web server runs on is (include version):
I am using macOS ventura with dockerize environment

my docker compose file is

  nginx:
    image: nginx:1.21.5-alpine
    restart: unless-stopped
    tty: true
    ports:
      - "80:80"
      - "443:443"

    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      - ./.docker/conf/nginx:/etc/nginx/conf.d
      - ./:/var/www/html
    networks:
      - prometheusresearch
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  certbot:
    image: certbot/certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      - ./.docker/logs:/var/log
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

I can login to a root shell on my machine (yes or no, or I don't know):
yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.1.1

I can see challenge being generated and then deleted I also hit the url http//shareforcures-local.com/.well-known/acme-challenge/test it works after placing test file there

Hi @mudiman, and welcome to the LE community forum

Please don't use real "fake" domain names.
You should have read the part you deleted:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Hi @rg305

I want to use local random domain which is not register with any DNS for allowing ssl for local development environment only. I have seen example in forums where example.com or some other local domain are used.

Please start by reading Getting Started - Let's Encrypt
You can find several Free CAs for TLS Certificates here ACME CA Comparison - Posh-ACME

Also please read this Topic's entire thread of Posts Completely LOCAL!

Let’s Encrypt offers Domain Validation (DV) certificates.

For Let’s Encrypt to issue a Domain Validation (DV) certificate Domain Validation must happen.

Thus you need to own and have control over the Domain Name (or have a subdomain under an existing domain name, for example pointed to your server by your employer or school) you wish to obtain a certificate for, from an ICANN Accredited Registrar.

Thanks for all the help

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.