Renew Certificate in a Tier 0 Net

Maik · June 14, 2021, 12:55pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.compbees.de

I ran this command: win-acme

It produced this output: DNS problem: NXDomain looking up A for compbees.de - check that a DNS record exists for this domain", "status":

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows Server 2019 Standard

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme

Nekit · June 14, 2021, 1:08pm

$ whois compbees.de
Domain: compbees.de
Status: free

Looks like this domain is not registered at all. You sure there's no typo?

Maik · June 14, 2021, 1:15pm

Hi, to the scenario. I d like to automate the certificates via Lets Encrypt for my work. So i created at home a test environment in hyper-v. Only 1 Server with IIS. I have an Active Directory and configured the webserver. i created a binding to Port 80 and Port 443 to this site. I ve created a CNAME in my local DNS for the site.
But it doesnt work wit win-Acme, because i want to automate the certificate renew.

Did i forget anything? Thx in advance.

Nekit · June 14, 2021, 1:18pm

In order to get publicly trusted tls certificate you need to prove control of publicly resolvable domain name. It appears that the domain you are trying to get certificates for is not registered at all, hence you won't be able to get certificates from Let's Encrypt or any other publicly trusted CA for that matter.

More info here:

Maik · June 14, 2021, 1:33pm

Thx, so there are some more steps to do.

rg305 · June 14, 2021, 9:40pm

Or don't use a publicly trusted CA.
There are several private CAs might be helpful for your testing - until your automation is working.

system · July 14, 2021, 9:40pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.