Try to get a certificate for raspberrypi


#1

I would like to understand the receipt error message.

I’d installed a standalone Apache 2.4.25 (Raspian) on my Raspberry PI 3b (Linux Raspberrypi 4.14.71-v7+, Debian-Version: 9.4). This webserver should only provide my private intranet. It should not be accessable from the internet.

To provide higher security I‘d like to prohibit the „http“ traffic. Every client should use „https“. Therefor I need a certificate.

Hostname is „raspberrypi“

Now my Question: Is it possible to get a certificate for this hostname?

I always get an error message: „… DNS name does not have enough labels“

Remarks:
I installed letsencrypt from git (git clone https://github.com/letsencrypt/letsencrypt).
To create the certificate I use „./letsencrypt-auto -d raspberrypi -m MyEmail“

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
Hostname: raspberrypi (domain: ringwald-local)

I ran this command:
./letsencrypt-auto -d raspberrypi -m MyEmai

It produced this output:
„… DNS name does not have enough labels"

My web server is (include version):
standalone Apache 2.4.25 (Raspian)

The operating system my web server runs on is (include version):
Linux Raspberrypi 4.14.71-v7+, Debian-Version: 9.4

My hosting provider, if applicable, is:
private

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Cyberduck via SFTP (it works well)


#2

No. Certificates are issued only for public FQDNs. You must own (or at least control) a domain that exists on the public Internet, and the cert must be for something in that domain–so it could be for raspberrypi.ringwald.com, but not raspberrypi.ringwald.local.


#3

To add a little clarification, publicly trusted certificates are only available for public domain names (regardless of whether or not the servers they point to are publicly accessible.) However, you could definitely create your own internal certificate authority, add its root certificate to your own computers’ trusted roots, and then issue your own certificates. This is a bit of work, but there are plenty of other software options that can help the process.