check that a DNS record exists for this domain

Solution 1:

You tried to use ACME, which is what Let's Encrypt uses. The ACME protocol is basically an automated DNS domain validation and it gives you "domain validated" certificates. It checks if DNS records with the requested names really point to the requesting server (or are under the control of the requesting server), which "proves" that the server is permitted to have such a certificate.

This means the domain validation is possible only for domain names that are in the global DNS tree. You use a ".int" suffix which doesn't exist in the global DNS tree (or it exists, but your name doesn't exist or doesn't belong to you). It isn't something that could be "domain validated" with ACME.

So you can't generate certificates with ACME for this name. Sorry.

Your options are:

  • instantiate your own "internal" CA, have its root certificate trusted on every involved machine and then generate certificates with it. This might be, for example, MS AD Certificate Services. This will require some work for instantiation and support of the CA, but you'll be able to continue using ".int";
  • use a subdomain of a globally registered domain, i.e. change your ".int" suffix into something like ".int.example.com", where example.com is your bought and delegated domain. Then you might, for example, set up a reverse proxy and point all your "internal" names to the public address of that proxy in the global DNS, to be able to use ACME for your "internal" hosts.

After many years of network engineering experience I ended up with this second alternative. I never use "detached private internal" names like ".int", ".local", ".lan" etc. for internal services, even if I know I am not going to connect them with the "outside world", even if they are physically disconnected from the Internet. I always use something that descends from my owned global domain names. This has saved me a lot of work. And when I sometimes meet a network where these "detached" names are used, almost always there are some dirty quirks to solve obscure problems, which wouldn't have been needed if they were using global names.
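The first option above (your own internal CA) can be demonstrated offline. The Go program below is an added example and is not code from the original answer or from any CA product it mentions; the CA name "Example Internal Root CA" and the hostnames "app.corp.int", "db.corp.int" and "www.example.com" are constructed for the example. It builds a self-signed root, issues a server certificate for an ".int" name, and then verifies it the way a TLS client would, once with the root in the trust store and once without, which is exactly why the answer says the root must be trusted on every involved machine. It goes one step beyond the answer by adding an X.509 name constraint so the internal root can only vouch for names under ".int": a leaked internal CA key then cannot mint a valid certificate for a public name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// InternalCA is a self-signed root whose issuing authority is limited to one
// DNS suffix through the X.509 name-constraints extension.
type InternalCA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// NewInternalCA creates the root. permittedSuffix (e.g. ".int") is an
// assumption of this example; a leading dot means "any name under it".
func NewInternalCA(permittedSuffix string) (*InternalCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Internal Root CA"}, // constructed
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		// Least privilege: the root may only issue for names under the suffix.
		PermittedDNSDomainsCritical: true,
		PermittedDNSDomains:         []string{permittedSuffix},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &InternalCA{Cert: cert, key: key}, nil
}

// IssueServerCert signs a 90-day TLS server certificate for hostname.
// Issuance does not enforce the name constraint; verification does.
func (ca *InternalCA) IssueServerCert(hostname string) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), // unique enough for a demo
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname}, // clients match the SAN, not the CN
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.AddDate(0, 0, 90),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &leafKey.PublicKey, ca.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify validates leaf for hostname like a TLS client. trustRoot models
// whether the client's trust store contains the internal root.
func (ca *InternalCA) Verify(leaf *x509.Certificate, hostname string, trustRoot bool) error {
	roots := x509.NewCertPool()
	if trustRoot {
		roots.AddCert(ca.Cert)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: hostname, Roots: roots})
	return err
}

func main() {
	ca, err := NewInternalCA(".int")
	if err != nil {
		panic(err)
	}
	internal, _ := ca.IssueServerCert("app.corp.int")
	external, _ := ca.IssueServerCert("www.example.com")
	fmt.Println("trusted root, app.corp.int:    ", ca.Verify(internal, "app.corp.int", true))
	fmt.Println("untrusted root, app.corp.int:  ", ca.Verify(internal, "app.corp.int", false))
	fmt.Println("trusted root, wrong hostname:  ", ca.Verify(internal, "db.corp.int", true))
	fmt.Println("trusted root, www.example.com: ", ca.Verify(external, "www.example.com", true))
}
```

Only the first check passes; the second fails with an unknown-authority error (the machine does not trust the root), the third with a hostname mismatch, and the fourth because the root is not authorized for names outside ".int". In a real deployment the root certificate (never its key) is what gets distributed to clients, and the issuing key should live on a dedicated, access-controlled host.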