The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet

The domain erica.com was registered in 2003.
But I don't see any certs ever having been issued for that domain... So, now I'm unsure.

  • Did you register that domain?
  • Did you wait 18+ years to begin using it?

Things you need to get a cert from a public CA
#1: Must be able to show "control" of a real domain (or FQDN)

  • Do you "control" erica.com ?
2 Likes

No I did not buy it. I created it using Apache on Ubuntu.

1 Like

It is a free domain; I created it on my machine (Ubuntu) using Apache. Use this IP, 10.255.151.34, and you will find it.

10.0.0.0/8 isn't routable over the Internet.
[which includes 10.255.151.34]
You can "see it", I can't.

1 Like

The cheapest possible domain you can buy is $0.99.

There are some free ones, but I'd advise against them. You can go on duckdns.org or freedns.afraid.org and get a free third-level domain.

But you need a real domain we can connect to, connected to the global DNS system, to get a certificate.

Putting a line in /etc/hosts to serve your local server on an arbitrary name doesn't count, because you are the only one who can see that.

1 Like

It's not a "free" domain.
It's owned by someone (somewhere).

Were you given permission to use a subdomain of it?
Something like:
myserver.erica.com

2 Likes

I understand now.

@nahidanwar007 is at Boise State and they are using a subnet inside 10.0.0.0/8 to NAT their users. So, yeah, something like a tunnel/ngrok is also needed.

~ $ whois 132.178.207.16

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 132.178.207.16"
#
# Use "?" to get help.
#

NetRange:       132.178.0.0 - 132.178.255.255
CIDR:           132.178.0.0/16
NetName:        BOISESTATE
NetHandle:      NET-132-178-0-0-1
Parent:         NET132 (NET-132-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Boise State University (BSU)
RegDate:        1988-12-05
Updated:        2021-12-14
Ref:            https://rdap.arin.net/registry/ip/132.178.0.0


OrgName:        Boise State University
OrgId:          BSU
Address:        1910 University Drive
Address:        OIT
City:           Boise
StateProv:      ID
PostalCode:     83725
Country:        US
RegDate:        1988-12-05
Updated:        2016-07-14
Ref:            https://rdap.arin.net/registry/entity/BSU


OrgNOCHandle: COMMU60-ARIN
OrgNOCName:   Communications Engineers
OrgNOCPhone:  +1-208-426-1000
OrgNOCEmail:  communicationsengineers@boisestate.edu
OrgNOCRef:    https://rdap.arin.net/registry/entity/COMMU60-ARIN

OrgAbuseHandle: COMMU60-ARIN
OrgAbuseName:   Communications Engineers
OrgAbusePhone:  +1-208-426-1000
OrgAbuseEmail:  communicationsengineers@boisestate.edu
OrgAbuseRef:    https://rdap.arin.net/registry/entity/COMMU60-ARIN

OrgTechHandle: COMMU60-ARIN
OrgTechName:   Communications Engineers
OrgTechPhone:  +1-208-426-1000
OrgTechEmail:  communicationsengineers@boisestate.edu
OrgTechRef:    https://rdap.arin.net/registry/entity/COMMU60-ARIN

RTechHandle: BM1789-ARIN
RTechName:   McDevitt, Brian
RTechPhone:  +1-208-426-3093
RTechEmail:  BrianMcDevitt@boisestate.edu
RTechRef:    https://rdap.arin.net/registry/entity/BM1789-ARIN

I just need to serve my local server. The purpose is not to connect globally.

Ok. You can. But you can't have a globally recognised certificate if you are not globally reachable.

Then DNS-01 authentication seems likely to be required.
Otherwise, Boise State would have to route/NAT one of those 132.178 IPs directly to their 10 dot (or 192.168) system IP.
[which would require DHCP reservation/static IP and putting that system into a DMZ (at the least)]

1 Like
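The two conditions raised above (the 10.0.0.0/8 address and the /etc/hosts-only name) can be checked before running certbot. This is an added preflight example, not code from the thread or from Certbot; the hosts-file text and the resolved addresses are constructed sample input, so it runs offline.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed /etc/hosts sample standing in for the local-only name in the thread.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# made-up name served only from this Ubuntu box
10.255.151.34   erica.com www.erica.com
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every hostname in /etc/hosts-style text to its address; comments are ignored."""
    names: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *hosts = line.split()
        for host in hosts:
            names[host.lower()] = addr
    return names


def classify(addr: str) -> str:
    """Describe whether a CA's validation servers could route to this IPv4/IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"  # 10/8, 172.16/12, 192.168/16, fc00::/7 and similar
    return "global" if ip.is_global else "reserved"


def preflight(domain: str, resolved: List[str], hosts_text: str) -> Tuple[bool, List[str]]:
    """Return (http01_possible, findings) for the name certbot --apache would validate.

    `resolved` is what DNS returned for `domain`; here it is supplied by the caller
    so the check is deterministic, a live lookup would use socket.getaddrinfo.
    """
    findings: List[str] = []
    if domain.lower() in parse_hosts(hosts_text):
        findings.append(f"{domain} is defined in /etc/hosts; only this machine resolves it")
    for addr in resolved:
        kind = classify(addr)
        if kind != "global":
            findings.append(f"{addr} is {kind}; the CA cannot reach it for HTTP-01")
    return (not findings, findings)
```

When `preflight` reports findings, HTTP-01 validation through the Apache plugin cannot succeed; the options are a public IP for the host or a DNS-01 challenge on a domain whose DNS you actually control.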

But we must begin at the beginning...

1 Like

IPv6 to the rescue!

(That they don't have)

(I didn't think of dns-01, good idea.)

1 Like

I understand. But my goal is to learn to achieve this only on my machine for the moment.

But you can't get a cert from a trusted CA by just "making up" a domain name on your private network.

2 Likes

Then you should install one of these:

1 Like

Actually I want to do something like in this video
How To Install Free SSL Certificate on Ubuntu web Server - YouTube

That's fine. It describes using certbot to get a cert from Let's Encrypt. But you need a public domain name bought from a registrar. You will then get access to the DNS records that will be required.

You cannot make that work with a private "made up" domain name. Sadly, someone else already owns erica.com

2 Likes

I got it. My final question is: if I privately make a fairly new website/domain (which has never been used), will that work with certbot?

Register a domain yourself using any domain registrar (Cloudflare.com, GoDaddy, Google Domains, Namecheap etc.); you will then "control" the domain and you can point it at the IP address of a real webserver you run.

To then use Certbot to get a certificate for that site your site needs to be accessible over the public internet (e.g. anyone needs to be able to browse to it). If you don't want to do it that way you can use DNS validation instead (which updates your DNS with a special validation record every time you need to renew your cert).

The root of the issue here is not to do with Certbot; you just don't know how websites and domains work, which is fine. Most people don't know that either, and you can learn.

4 Likes

No. It has to be a public registered name as webprofusion describes.

3 Likes