I currently get a Failed Authorization Procedure Message…
My main questions are:
Does CertBot need to do inbound requests to the server?
Since this is a server on the intranet, all inbound requests are currently blocked; are there any IP addresses or DNS’ I can whitelist to do inbound calls on the server?
Does that same IP/DNS need to have write access to the ./well-known/acme-challenge folder?
Is Certbot the right tool for this since it’s an application that’s only running on the intranet, although it must be https?
My domain is:
I can’t say (the certificate hasn’t been issued) and it’s on an intranet
I ran this command: certbot certonly --test-cert -d [domain]
It produced this output:
Failed authorization procedure … (http-01) DNS problem NXDOMAIN looking up A for…
My web server is (include version): Linux
The operating system my web server runs on is (include version): Ubuntu
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
My main questions are:
Does CertBot need to do inbound requests to the server?
Since this is a server on the intranet, all inbound requests are currently blocked; are there any IP addresses or DNS’ I can whitelist to do inbound calls on the server?
Does that same IP/DNS need to have write access to the ./well-known/acme-challenge folder?
Is Certbot the right tool for this since it’s an application that’s only running on the intranet, although it must be https?
A1. LE needs to - when using HTTP authentication.
A2. IPs are not static.
A3. Never; it only needs to read from it.
A4. Yes, it can be. But you may need to use DNS authentication instead of HTTP.
@rg305
Thanks for this!
Why would it be better to use DNS authentication over HTTP?
Do I need to create the file in the ./well-known/acme-challenge folder?