AWS Lightsail - Name does not end in a public suffix

LordLiverpool · February 12, 2019, 12:13pm

Hello Let’s Encrypt

I was following this AWS Tutorial on how to install an SSL certificate.

https://lightsail.aws.amazon.com/ls/docs/en/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

But when I got step 3 part 6 I got an error message (see below)

I entered my email address and verified it with the Electronic Frontier Foundation
I agreed to the terms and conditions

What have I done wrong? .com is a public suffix

Any help is appreciated.

Thanks

My domain is: http://energysrs.com

I ran this command: sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

It produced this output: The request message was malformed :: Error creating new order :: Name does not end in a public suffix

My web server is (include version): Server version: Apache/2.4.34 (Unix) Server built: Jul 30 2018 17:17:22

The operating system my web server runs on is (include version):Linux 4.4.0-1065-aws x86_64

My hosting provider, if applicable, is: AWS - Lightsail - Bitnami WordPress Instance

I can login to a root shell on my machine (yes or no, or I don’t know): yes via Lightsail SSH terminal

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

mnordhoff · February 12, 2019, 12:15pm

What are $DOMAIN and $WILDCARD set to?

LordLiverpool · February 12, 2019, 12:17pm

Thanks for the fast reply!

echo $DOMAIN && echo $WILDCARD energysrs.com *.DOMAIN

mnordhoff · February 12, 2019, 12:20pm

*.DOMAIN isn’t a public suffix. It’s supposed to be *.energysrs.com.

By the way, relying on manual validation is problematic. It means the certificate can’t be automatically renewed and you have to do it by hand every couple months.

That tutorial is apparently using Ubuntu; your domain is using Cloudflare’s DNS. You can install the Certbot Cloudflare DNS plugin with sudo apt-get install python3-certbot-dns-cloudflare and use it to validate with less copying and pasting and more automatic renewal. (You still have to fix the domain, though.)

https://certbot-dns-cloudflare.readthedocs.io/en/stable/

LordLiverpool · February 12, 2019, 12:39pm

@mnordhoff thanks for your help, it's appreciated.

Sorry for making an obvious syntax error, my apologies. I'll pay closer attention from now on.

Thank you for the suggestion of using the Certbot Cloudflare DNS plugin.
I'm tempted to move the domain to AWS Route 53 to manage the DNS there.
If so would I be able to set-up auto renewal?

A quick Google reveals:

Am I on the right track?

mnordhoff · February 12, 2019, 12:41pm

Certbot also has a Route 53 plugin.

https://certbot-dns-route53.readthedocs.io/en/stable/

LordLiverpool · February 12, 2019, 12:43pm

@mnordhoff

You’re very helpful, thank you!

system · March 14, 2019, 12:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Lightsail Letsencrypt Error Cannot issue for "*.domain": Name does not end in a public suffix (.org) Help	14	7025	September 14, 2019
Error installing cert on Lightsail WordPress instance Help	5	1410	August 17, 2020
AWS Lightsail SSL Installation problem Help	3	626	August 15, 2020
Help with wildcard SSL for AWS Lightsail shell timeout Help	16	2075	May 9, 2019
Lightsail Failed Install Help	12	1368	March 17, 2020

AWS Lightsail - Name does not end in a public suffix

Related topics