I have a problem requesting a certificate for a local server we have internally. Basically, we want to get rid of the self-signed certificate and install a valid SSL certificate on a Microsoft ADFS server.
We have created a public A record for this server which resolves to an address in 10.0.0.0/8. The command I try to invoke is:
./certbot-auto certonly --verbose --standalone -d adfs.company.com
On screen, I get the error “No IPv4 addresses found for adfs.company.com”. I don’t think it is a DNS problem, as it resolves well, and if I invoke the same command with a non-existent subdomain name I get a different error message (NXDOMAIN looking up A).
If you want to use any of the challenge types supported by letsencrypt-auto (or certbot, the new name), you’ll need to make your domain resolve to a non-private IP address and allow traffic from the public internet on port 80 or 443.
As an alternative, you can use a DNS-based challenge (DNS-01). To make this work you’ll need to be able to create a TXT record for your domain (it needs to be resolvable by public DNS). This is currently not supported by certbot, but a number of other clients have support for DNS-01 (like the bash clients or lego).
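A quick way to check the two conditions that answer describes before running certbot again, as an added shell example that is not from the thread or from the Let's Encrypt project: classify each IPv4 address the name resolves to as routable or reserved, and look up the DNS-01 TXT record from a public resolver. The reserved ranges listed (RFC 1918, loopback, link-local, RFC 6598 shared space), the use of getent(1) and dig(1), and the choice of 8.8.8.8 as the public resolver are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Decide whether a public CA can
# reach a hostname with a challenge that connects to the host, or whether
# only DNS-01 remains. The reserved ranges below are an assumption about
# what the CA refuses: RFC 1918 private space, loopback, link-local and
# shared address space (RFC 6598).
#
# ipv4_is_reserved <addr>  ->  0 reserved, 1 routable, 2 not a valid IPv4 address
ipv4_is_reserved() {
    ip=$1
    # Only digits and dots are acceptable; this also keeps glob characters
    # out of the unquoted expansion used for splitting below.
    case $ip in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for o in "$1" "$2" "$3" "$4"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 2
    done
    a=$1; b=$2
    [ "$a" -eq 10 ] && return 0                                         # 10.0.0.0/8
    [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0  # 172.16.0.0/12
    [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && return 0                    # 192.168.0.0/16
    [ "$a" -eq 127 ] && return 0                                        # loopback
    [ "$a" -eq 169 ] && [ "$b" -eq 254 ] && return 0                    # link-local
    [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ] && return 0 # 100.64.0.0/10
    return 1
}

# acme_reachable_ipv4 <host>: resolve through the local resolver (getent,
# glibc) and report every A record. Returns 1 if any address is reserved,
# because the CA will not connect there, and 2 if nothing resolves at all.
acme_reachable_ipv4() {
    host=$1
    addrs=$(getent ahostsv4 "$host" 2>/dev/null | awk '{ print $1 }' | sort -u)
    if [ -z "$addrs" ]; then
        echo "$host: no IPv4 address found (NXDOMAIN or no A record)"
        return 2
    fi
    rc=0
    for ip in $addrs; do
        if ipv4_is_reserved "$ip"; then
            echo "$host -> $ip: reserved range; a connecting challenge cannot reach it, use DNS-01"
            rc=1
        else
            echo "$host -> $ip: routable"
        fi
    done
    return $rc
}

# dns01_txt_records <host>: what a public resolver sees for the DNS-01
# record. Querying 8.8.8.8 directly (an assumption; any public resolver
# works) avoids being misled by an internal split-horizon copy of the zone.
dns01_txt_records() {
    dig +short @8.8.8.8 TXT "_acme-challenge.$1"
}

# Example invocation with the thread's hostname; the result depends on live DNS.
if [ -n "${1:-}" ]; then
    acme_reachable_ipv4 "$1"
fi
```

Run it as `sh check.sh adfs.company.com` from the machine that will request the certificate. A name that resolves to 10.x.x.x will be reported as reserved, which is exactly the situation behind the “No IPv4 addresses found” message; in that case publish the TXT record and confirm it with `dns01_txt_records adfs.company.com` before asking the CA to validate.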
Thanks. What I finally did is that I set up Let’s Encrypt on a Linux Apache server, converted the certificate to PKCS12 format and installed it on the Active Directory server.
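The conversion step of that workaround, as an added shell example that was not posted in the thread: bundle certbot's PEM key and chain into a PKCS#12 file for Windows, after checking that the key actually belongs to the certificate. It assumes openssl(1), certbot's `/etc/letsencrypt/live/<name>/` layout, and an export password and output file name chosen by the caller.

```shell
#!/bin/sh
# Added example, not code from the thread. Package a Let's Encrypt key and
# certificate chain as PKCS#12 for import on Windows.
#   pem_to_pkcs12 <live-dir> <friendly-name> <out.pfx> <export-password>
# Returns 2 if the input files are missing, 3 if key and certificate do not
# match, 4 if openssl fails to build the bundle.
pem_to_pkcs12() {
    live=$1; name=$2; out=$3; pass=$4
    # Use fullchain.pem (leaf plus intermediate) rather than cert.pem, so the
    # Windows host serves the intermediate and clients can build the chain.
    if ! [ -r "$live/privkey.pem" ] || ! [ -r "$live/fullchain.pem" ]; then
        echo "missing privkey.pem or fullchain.pem in $live" >&2
        return 2
    fi
    # Refuse to bundle a key that does not match the leaf certificate:
    # compare the public key derived from each side (works for RSA and EC).
    key_pub=$(openssl pkey -in "$live/privkey.pem" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$live/fullchain.pem" -pubkey -noout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "private key does not match the certificate in $live" >&2
        return 3
    fi
    # -export writes the PKCS#12; the password protects the key at rest and
    # is asked for by the Windows import wizard.
    openssl pkcs12 -export -in "$live/fullchain.pem" -inkey "$live/privkey.pem" \
        -name "$name" -out "$out" -passout "pass:$pass" || return 4
    chmod 600 "$out"
}

# pkcs12_subjects <file.pfx> <password>: print the subject of the leaf
# certificate inside the bundle, to confirm the right material was exported
# without dumping the private key.
pkcs12_subjects() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject
}
```

On the Windows side, import the file in an elevated PowerShell with `Import-PfxCertificate -FilePath adfs.pfx -CertStoreLocation Cert:\LocalMachine\My`, then point AD FS at the new thumbprint (`Set-AdfsSslCertificate -Thumbprint <hex>` on Windows Server 2012 R2 and later, and `Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint <hex>`); the AD FS service account needs read permission on the private key. Two caveats: OpenSSL 3 encrypts the bundle with AES-256 and PBKDF2 by default, which older Windows releases may refuse to import, in which case re-export with `-keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1`; and a Let's Encrypt certificate expires after 90 days, so this manual copy has to be repeated at every renewal.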