hungnguyenm / edgemax-acme

Let's Encrypt setup instructions for Ubiquiti EdgeRouter using DNS-01

Do I need to own a domain for DNS-01 to work? #12

Closed fishermanG closed 2 years ago

fishermanG commented 2 years ago

I have a few domains registered on CF, which I have managed to get set up for my EdgeRouter, e.g. router.sphingo.com. Since this is purely for local use only, can I have a different domain without actually owning it, e.g. router.home.net?

Thanks

hungnguyenm commented 2 years ago

Unfortunately, if you want to get a certificate from Certificate Authorities that are trusted by default in many places, you'd need to prove to them that you own the domain. Without that check, anyone could easily perform a MITM attack (e.g., spoofing the Gmail website with a gmail.com certificate).

An alternative could be using self-signed certificates, but you'd need to install the self-signed root certificate on all your local devices or make them trust the self-signed certificates somehow.
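
The alternative described in the reply above, as an added example (not part of the original thread or of the edgemax-acme project): a private root CA that signs a certificate for the LAN-only name from the question, using the openssl CLI. The directory layout, file names, CA subject and validity periods are assumptions.

```shell
#!/bin/sh
# Added example: private root CA plus a leaf certificate for a LAN-only name.
# Directory layout, file names and the CA subject are assumptions.

# make_local_ca DIR: create ca.key and a self-signed root ca.crt in DIR.
make_local_ca() (
    umask 077; mkdir -p "$1" && cd "$1" || exit 1
    cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config req.cnf -keyout ca.key -out ca.crt 2>/dev/null
)

# issue_cert DIR HOST: sign a server certificate for HOST with the CA in DIR.
issue_cert() (
    umask 077; cd "$1" || exit 1; host=$2
    cat > "$host.ext" <<EOF
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    openssl req -new -newkey rsa:2048 -nodes -config req.cnf \
        -subj "/CN=$host" -keyout "$host.key" -out "$host.csr" 2>/dev/null &&
    openssl x509 -req -in "$host.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -extfile "$host.ext" -out "$host.crt" 2>/dev/null
)

# trusts ROOT_CRT CERT HOST: succeed only if CERT chains to ROOT_CRT and names HOST.
trusts() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Usage: make_local_ca ./ca && issue_cert ./ca router.home.net
#        trusts ./ca/ca.crt ./ca/router.home.net.crt router.home.net
```

Only `ca.crt` is installed on the local devices; `ca.key` stays off the router and offline, since anyone holding it can issue certificates those devices will accept for any name.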