To expand on the issue a little, below is a link to a previous comment on the topic.
So dynamic dns services that want to allow creation of (more) letsencrypt certificates for subdomains of theirs can request their root domains to be added into this list: - View the Public Suffix List