I have an authorization problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: whatismyweather.tech

I ran this command: certbot certonly --standalone

It produced this output: When I run the command it gives me an error: no valid A records found for whatismyweather.tech; no valid AAAA records found for whatismyweather.tech. I think it may be because I have a dynamic IP address, but I put it in the DNS records and it still gives me the error.

Can it be about my dynamic IP address?

The operating system my web server runs on is (include version): Windows

I can login to a root shell on my machine (yes or no, or I don't know): Yes

Hi @PabloRNC, and welcome to the LE community forum :)

The IP error is due to your use of a non-routable IP address.
RFC 1918 explains which networks can be routed over the Internet.
LE must validate your control over your domain at an IP address that can be reached via the Internet.

Name:      whatismyweather.tech
Addresses: ::ffff:192.168.1.42
           192.168.1.42

[both are unroutable]

6 Likes
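The check described in the answer above, as an added example that is not part of the original thread: it classifies A/AAAA values the way a public validation server has to, unwrapping IPv4-mapped IPv6 first. The function names and the carrier-grade NAT sample are assumptions made for illustration; treating "no public address left" as the failure condition is a simplified model of the error quoted in the question.

```python
import ipaddress
import socket

def classify(addr):
    """Return (ok, reason) for one A/AAAA record value."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:a.b.c.d is an IPv4-mapped IPv6 address: judge the embedded IPv4.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if ip.is_loopback:
        return False, "loopback"
    if ip.is_link_local:
        return False, "link-local"
    if ip.is_private:
        return False, "private (RFC 1918 or other reserved range)"
    if not ip.is_global:
        # e.g. 100.64.0.0/10, the shared space used for carrier-grade NAT
        return False, "reserved / not globally routable"
    return True, "public"

def usable_addresses(addrs):
    """Addresses a validation server on the Internet could connect to."""
    return [a for a in addrs if classify(a)[0]]

def resolve(domain):
    """Live A/AAAA lookup (needs network; the samples below do not use it)."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

# Sample input: the two values quoted in the thread, a constructed
# carrier-grade NAT address, and the public address quoted in the last post.
SAMPLES = {
    "dns in thread": ["::ffff:192.168.1.42", "192.168.1.42"],
    "cgnat (constructed)": ["100.64.0.10"],
    "public ip in thread": ["88.1.110.156"],
}

if __name__ == "__main__":
    for label, addrs in SAMPLES.items():
        for a in addrs:
            ok, reason = classify(a)
            print(f"{label:20} {a:22} {'OK' if ok else 'FAIL':5} {reason}")
        if not usable_addresses(addrs):
            print(f"{label:20} -> no valid A/AAAA records to validate against")
```

A public result only means the DNS value is usable; inbound port 80 still has to be forwarded by the router and tested from outside the LAN.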

And can I do anything to change the dynamic IP addresses that I receive to a routable IP address, or is it not in my hands to change this?

You need to understand how your router works.
You need to update DNS to show the external IP of the router.
You need to make sure the router sends [via NAT/PAT] inbound port 80 & 443 connections to your web server.

In short:
You need to have a working web site before trying to secure it.
Does http://whatismyweather.tech/ work from the Internet? [NO]

6 Likes

Yes, right now it is not working because I was testing, but normally yes.

I find that hard to believe, using this online tool https://check-host.net/
This shows the DNS from around the world (Check host - online website monitoring; check report was removed): it shows 192.168.1.42.
This shows the HTTP port 80 connectivity to the domain name from around the world (Check host - online website monitoring; check report was removed): it shows Connection timed out.

As @rg305 stated, that IPv4 address is in the IPv4 Private Address Space (IPv4 Private Address Space and Filtering - American Registry for Internet Numbers).

Now from your own private LAN you would likely be able to access the domain name; however, Let's Encrypt needs to access the domain name from a publicly accessible Internet address for the HTTP-01 and TLS-ALPN-01 challenge types (Challenge Types - Let's Encrypt); there is the DNS-01 challenge, which would not have such a requirement.

Best Practice - Keep Port 80 Open

And to assist with debugging, a great place to start is Let's Debug.
And results for the domain name https://letsdebug.net/whatismyweather.tech/1301284 have a ReservedAddress Fatal result.

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).

1 Like

Here are a couple of URLs that will show you your Publicly visible IP Address.

  1. https://ifconfig.co/
  2. https://ifconfig.io/

You can use them in a web browser or from a command line with curl

curl https://ifconfig.co/
curl https://ifconfig.io/

And the domain name needs its A (for IPv4) and/or AAAA (for IPv6) record set to the external publicly accessible IP address.

Most home routers use NAT (Network address translation - Wikipedia),
so one needs to port map or forward to their internal LAN's IP address.

2 Likes

It needs to be accessible from the Internet.
Not just from your network LAN or WiFi.

6 Likes

OK, so I will try later and reply if there is another error or it fails.

2 Likes

Can you explain more about how to do the thing with the NAT? I am pointing to my IP address, but on port 80 it redirects to the router provider's website, and if I change the port to another port and browse to it in the browser, it gives me not found. I searched for the error and I think it is the NAT, as you said.

No, your DNS is still pointing to your private IP address. You should point it to your public IP address. That number should be shown in your router config. Or, use one of the ways Bruce explained in post #7

6 Likes

I mean I run the webserver and I search the IP directly, not the domain.

That is not sufficient to get a cert from Let's Encrypt. Your DNS must point to your public IP address when using the HTTP Challenge

6 Likes

I know. What I'm saying is that I start the webserver and in the browser put http://IP:80, and it takes me to the website of the internet router provider. I know that to generate the SSL I need to point to the domain, but I need to free the port, and I think it is related to the NAT thing.

What I see is you are trying to use --standalone mode but you also are describing a webserver. If you plan to have a webserver you should not be using standalone mode.

Also, accessing your webserver on your local network is not important for getting a cert. You should focus on being able to access your webserver from the public internet using http (port 80). Once you have that working we can help you get a cert. If your router is using port 80 for its own purposes you will need to change that. Refer to your router docs for that and how to setup NAT if that is necessary.

Use the Let's Debug test site (link here) to check your http webserver from the public internet. Or, use a cell phone with wifi turned off to use your provider's internet.

6 Likes

I'll try to do all those things, thanks. I'll reply if another error occurs.

1 Like

Good news: I get another error, but not the same one. This time it is: Fetching http://whatismyweather.tech/.well-known/acme-challenge/1QjG0vBQmsyOf1gLFf3uy8MPhuPeuL-gMwaJhQwzFSw: Timeout during connect (likely firewall problem). How can I solve it?

Let’s Encrypt offers Domain Validation (DV) certificates.

1 Like

Your router or other device seems to be blocking all http requests (port 80). You should open that port in your router and forward it if/as needed to the server on your local network.

I cannot even reach your home page. This is not unique or related to Let's Encrypt. You don't yet have a working HTTP site.

Try using your phone with wifi off to reach your home page. When that is successful try Let's Debug test site

6 Likes

Agreed, I can't reach your IP:80

curl -Ii 88.1.110.156
curl: (56) Recv failure: Connection reset by peer
5 Likes