I am developing (on Windows 7) a PHP application using Docker (Debian 9). I wish to use HTTPS in development.
How can I create a certificate?
I guess I use Certbot but where do I run it? I guess it needs to talk to my webserver (Apache) in the Docker container.
If I was developing on a Linux machine, I guess that I could run Certbot on that and use my hosts file, so that it could see the token on the Docker container?
If you want to use Docker, you should store your keys and certificates permanently.
--
Storing and Reusing Certificates and Keys
...
As an example, many sites are starting to use Docker to provision new frontend instances as needed. If you set up your Docker containers to issue when they start up, and you don’t store your certificates and keys durably, you are likely to hit rate limits if you bring up too many instances at once. In the worst case, if you have to destroy and re-create all of your instances at once, you may wind up in a situation where none of your instances is able to get a certificate, and your site is broken for several days until the rate limit expires.
Can I then use Certbot to create a certificate for this, then use this certificate locally (by adding myDomain.co.uk to my hosts file, which will point to my Docker webserver?)
I don't know enough about Certbot and Docker, because I don't use them.
But I use my own wildcard certificate *.example.com (not Let's Encrypt) for my web service locally, to connect to the dev version of my domain, together with a hosts entry 127.0.0.1 dummy.example.com.
A) DNS Challenge
Use DNS-01 challenge to create a certificate for myDomain.co.uk (or a wildcard cert)
Set the DNS for myDomain.co.uk as 127.0.0.1 *
B) HTTP Challenge
Create a certificate for myDomain.co.uk from a computer on the public internet
Update the DNS for myDomain.co.uk to 127.0.0.1 *
Copy the certificate to your local machine.
* Instead of setting public DNS to 127.0.0.1, you can also just use a local DNS resolver/server to route the domain to 127.0.0.1. This way people in your LAN/computer think the domain is 127.0.0.1, but it points elsewhere outside of your network.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
It looks like you have a GoDaddy domain parking service enabled. In this case you should change your GoDaddy DNS settings or other domain settings to make sure that the something.co.uk name points directly to your web server, not to a parking service.
(If that’s not the case, then you should ensure that no other GoDaddy options are enabled that would cause GoDaddy to receive or intermediate web connections to your domain.)
I’m trying DNS authorisation now and I am getting:
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: blahblahblah.co.uk
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.blahblah.co.uk
What I don’t get is that when I add the TXT record, the minimum TTL is 600 seconds. How can I get certbot to wait for this amount of time, before doing the check?
Are you using --manual or some other method? If you're using --manual, it waits for you to press Enter before telling the CA that the challenge is ready.
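As an added example (not posted by anyone in this thread): instead of pressing Enter in --manual and hoping the TXT record has propagated, a --manual-auth-hook can print the record to add and then poll the domain's authoritative nameserver until the value is visible, so certbot only tells the CA once the NXDOMAIN situation above is gone. CERTBOT_DOMAIN and CERTBOT_VALIDATION are the variables certbot sets for auth hooks; the 30-second poll interval, the 15-minute limit and the presence of dig in the container are assumptions.

```shell
#!/bin/sh
# Hypothetical certbot --manual-auth-hook (constructed example, not from the thread).
# certbot sets CERTBOT_DOMAIN and CERTBOT_VALIDATION before calling this hook.
set -eu

# Returns 0 if the expected token appears among the TXT values read from stdin
# (dig +short output: one quoted string per line).
txt_has_token() {
    expected="$1"
    while IFS= read -r line; do
        line=${line#\"}; line=${line%\"}     # dig wraps TXT strings in quotes
        [ "$line" = "$expected" ] && return 0
    done
    return 1
}

# Poll the zone's first authoritative nameserver (falls back to the system
# resolver if none is found) until the TXT record carries the token.
# Usage: wait_for_txt <fqdn> <token> [max_seconds]
wait_for_txt() {
    name="$1"; token="$2"; limit="${3:-900}"; waited=0
    apex=${name#_acme-challenge.}
    ns=$(dig +short NS "$apex" | head -n 1)
    while [ "$waited" -lt "$limit" ]; do
        if dig +short TXT "$name" ${ns:+@"$ns"} | txt_has_token "$token"; then
            return 0
        fi
        sleep 30; waited=$((waited + 30))   # assumed poll interval
    done
    return 1
}

# Only act when invoked by certbot; sourcing the file for tests does nothing.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    record="_acme-challenge.$CERTBOT_DOMAIN"
    echo "Create TXT record: $record = \"$CERTBOT_VALIDATION\"" >&2
    wait_for_txt "$record" "$CERTBOT_VALIDATION" || {
        echo "TXT record for $record not visible in time" >&2
        exit 1
    }
fi
```

Run certbot with `--manual --preferred-challenges dns --manual-auth-hook /path/to/hook.sh`; the hook blocks until the record resolves, so a 600-second TTL is only a problem if you later change the record rather than add a new one.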