How to obtain certbot ssl

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
studio-miranima.com
I ran this command:

but I use private ip and port-forwarding
sudo certbot certonly --nginx --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?

1: studio-miranima.com
2: www.studio-miranima.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Simulating a certificate request for studio-miranima.com and www.studio-miranima.com
Performing the following challenges:
http-01 challenge for studio-miranima.com
http-01 challenge for www.studio-miranima.com
Waiting for verification...
Challenge failed for domain studio-miranima.com
Challenge failed for domain www.studio-miranima.com
http-01 challenge for studio-miranima.com
http-01 challenge for www.studio-miranima.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: studio-miranima.com
  Type: dns
  Detail: no valid A records found for studio-miranima.com; no valid
  AAAA records found for studio-miranima.com

  Domain: www.studio-miranima.com
  Type: dns
  Detail: no valid A records found for www.studio-miranima.com; no
  valid AAAA records found for www.studio-miranima.com

My web server is (include version):
nginx version: nginx/1.18.0
The operating system my web server runs on is (include version):
Debian version: 11 (bullseye)
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0

Let's Encrypt is a public Certificate Authority and needs to validate your domain control over the public internet. Your DNS is pointing to your private IP. It must point to your public IP

how do I get my website secure in the easiest way, can I use the DNS challenge? can you recommend me?

Do you want your website available on the public Internet?

no i just want to obtain ssl

How is anyone going to reach your site over the Internet [IP 192.168.1.101]?
What port(s) are being forwarded [and where/how]?