Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): gci.example.com
** Error - Invalid selection **
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu 18
I installed this ALL last month or more recently, so pretty much latest version. I’m trying to set up a secure/trusted self-signed server on an intranet. I thus typed in “GIBA.dhcp.mycompany.ltd”, which is the FQDN on my own internal DNS, and expected to get some job, but even typing in the example fails, so somebody is trying to phone home?
But mostly I’m getting confused by the wording and language used by anyone describing how to set up a secure server. I am using this to learn how to set up a server, but the server will never be external, I want to still go through most of the correct steps to learn from. Am I wasting my time. I am wanting to switch my apache from http to https and allow other machines to be reasonably secure at least with credentials if they choose to trust my self-signed cert, which I will place on a thumbdrive. I keep seeing steps in people’s blogs telling me to set up a “localhost” CN in a certificate, but localhost is not a trustable CN surely, so rather confused now. A number of links point to your excellent tool, but I’m not clear on the basics still. Making sense?
I think Certbot’s interface needs you to type “1” rather than “gci.example.com”. It’s just rejecting the input because it expects a number, not because of anything about your hostname itself.
Of course, unless you work for IANA, you don’t have access to example.com, and gci.example.com doesn’t currently exist. mycompany.ltd doesn’t seem to be a registered domain, and giba.dhcp.mycompany.ltd does not exist either.
Let’s Encrypt only issues certificates for domains that are registered and that you really control.
Certbot isn’t intended for issuing simple self-signed certificates. It’s an ACME client, designed to interact with CAs using the ACME protocol. It doesn’t necessarily have to be a public, trusted CA like Let’s Encrypt. You could operate your own private CA using software like step. But if you want one command to issue an untrusted, self-signed certificate, without any other infrastructure, that’s not what Certbot is for.