ubuntu

How can a teapot defeat certbot?

Hello. What we have: a domain delegated to Yandex, a local network, a Rocketchat server on Ubuntu 20.04, a Mikrotik router and a certain number of users.
Required: Make the rocket accessible from the outside. For this, it was decided to use certbot.
The Yandex DNS has an A record for the subdomain rocket.domainame.ru indicating the white ip.
I don’t quite understand whether it is required to confirm ownership of a subdomain (subdomain = site on Yandex)?
All my attempts to get a certificate end up like this:

~$ sudo certbot --nginx -d rocket.kb-modul.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for rocket.kb-modul.ru
Waiting for verification...
Challenge failed for domain rocket.kb-modul.ru
http-01 challenge for rocket.kb-modul.ru
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: rocket.kb-modul.ru
Type: unauthorized
Detail: Invalid response from
rocket.kb-modul.ru/.well-known/acme-challenge/ZeO3...
[84.*.*.14]: ""-//W3C//DTD XHTML 1.0
Strict//EN\"
\" http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n _

xmlns=\"http"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I don't "boil" in this for very long, don't hit me hard.
Thank you for your attention!