Following walkthrough at https://medium.com/@silverbackdan/in...t-f412198c3051

This is a test using 'localdomain' and 'localhost'

Completed Step 6; how do I fix Step 7?

STDIN:

sudo certbot certonly --standalone -d localdomain --renew-hook "/etc/haproxy/cert-hook"

Observation: No symbolic link is created at /etc/letsencrypt/live

STDOUT:

Obtaining a new certificate
An unexpected error occurred
The request message was malformed :: Error creating new authz :: DNS name does not have enough labels

LOG (contains only benign DEBUGs):
DEBUG:certbot.plugins.selection:Requestor authenticator standalone and installer <certbot.cli._Default object at 0x25cfbd0>

Answer:

My localdomain is invalid. Certbot can only issue certificates for valid public domain names.

That is correct, LetsEncrypt will only sign certificates for domains which can be found by DNS lookup.

If you are testing on your local machine you can issue your own self signed certificate.

On the other hand, if you are trying to get certbot working then you will need a "real" (i.e. registered) domain.

What is your main objective?

Objective is functional offline testing. Would like to see http fail and https succeed before exposing to the www.

I have a public domain that is inaccessible from the dev environment. How do I issue a self-signed certificate?

That is still not very clear - functional offline testing of what exactly - server config, SSL/TLS methods, website code...?

How should http fail and https succeed, exactly? A better description of what you are trying to accomplish would go a long way.

In the mean time, if you just need a certificate, you can generate your own on just about any GNU/Linux platform:

Adjust for your actual paths, then restart your web server. When you request the site the first time it will ask you to grant an exception for the self-signed cert, but it will all work as expected, assuming your server is configured correctly.

1 members found this post helpful.