Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: riyadh.ye
I ran this command:
Issue new Let's Encrypt certificate
It produced this output:
Could not issue an SSL/TLS certificate for riyadh.ye
Details
Could not issue a Let's Encrypt SSL/TLS certificate for riyadh.ye .
Perhaps this domain is at risk group and is blacklisted on the Let's Encrypt side. See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
Details:
Type: urn:ietf:params:acme:error:rejectedIdentifier
Status: 400
Detail: Error creating new order :: Cannot issue for "riyadh.ye": Domain name is an ICANN TLD
The operating system my web server runs on is (include version): cloudlinux
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian
And I'm not certain what update you speak about within the PSL.
But these things need to be sorted out with LE directly.
They do monitor this community but the majority of posts are from the community members/volunteers.
So you will have to wait for one of them to respond about the message:
I'll ping a few that should be able to help you (or find those that can): @jsha @aarongable @_az
It's difficult to get any information about the .ye TLD, but from Wikipedia:
Registrations are made at third level beneath several second-level names
This suggests it isn't even possible to own riyadh.ye, as it isn't a third level name. It's lacking one of the listed second-level names. Unfortunately, no source was listed.
Strangely enough your domain name in fact does resolve to an IP address..
Hello there,
We are the system administrators for the ccTLD .ye domain name; and thus, any subdomain under .ye.
We updated the Public Suffix List to merge ye to the list, as seen in my colleague's snapshot.
First-level domains under ye stopped being considered public suffixes only very recently: 3 days ago. It might take a couple of weeks for that change to make it to Let's Encrypt in production.
Keep in mind that the PSL was updated 3 days ago (https://github.com/publicsuffix/list/pull/1189) and Boulder (Let's Encrypt) has not been updated yet to use the updated PSL, so it could take a while, but @lestaff could give more info about this issue.
So the (first I think) "2" in {2, "ye", 2, false}, from the previous version of the list meant that second level names were also counted as TLDs? 2 is the "Wildcard" type, i.e. *.ye. That would be in line with the (unsourced) Wikipedia statement indeed.
First, the pull request needs to be approved (not really a big deal I suspect). Next, it needs to be released into a Boulder release. As far as I can remember, this follows a weekly schedule with first updating the staging server and the week afterwards the production server. But this may be old information, the staff can correct me on this.
I'm afraid chances are great that this cannot be rushed.
I must agree. Only security and flaw type fixes should ever be rushed.
There should be no dire business need to have an LE cert in place today for a site that just went up a few days ago. If there is such a need, try other CAs - one might be able to help today.
I also don't see how a scheduled change should be considered as being critical and expedited to anyone concerned.
I believe most changes do but will let the Dev team comment on that. I think the idea would be to bake it this week and move it to prod next week, depending on the availability of our team.
Although this community forum is active at all times, LE staff are full time employees who don't work weekends. We'll look at the relevant PR here as part of our normal development activities.
Every change goes through staging first, Jenessa was simply giving the time at which it would likely be available in production.
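The rule change discussed in this thread, as an added Go example that is not part of any post and is not Boulder's or the PSL project's own code: a minimal public-suffix matcher showing why riyadh.ye is itself a public suffix under the old wildcard rule `*.ye` (the condition the `rejectedIdentifier` error describes) but a registrable name under a plain `ye` rule. The rule sets are constructed, and the `com.ye` entry is an assumed placeholder, since the thread does not list the second-level names.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed PSL rule sets; the com.ye entry in "after" is an assumed placeholder.
var before, after = []string{"*.ye"}, []string{"ye", "com.ye"}

// matches reports whether the rule labels match the rightmost labels of the name.
func matches(rule, labels []string) bool {
	off := len(labels) - len(rule)
	for i, l := range rule {
		if l != "*" && l != labels[off+i] {
			return false
		}
	}
	return true
}

// PublicSuffix applies the PSL algorithm: the longest matching rule wins, an
// exception rule ("!") beats all others, and the implicit default rule is "*".
func PublicSuffix(name string, rules []string) string {
	labels := strings.Split(strings.ToLower(strings.TrimSuffix(name, ".")), ".")
	best := 1 // default rule "*": the last label alone is a suffix
	for _, r := range rules {
		rl := strings.Split(strings.TrimPrefix(r, "!"), ".")
		if len(rl) > len(labels) || !matches(rl, labels) {
			continue
		}
		if strings.HasPrefix(r, "!") { // exception: drop the rule's leftmost label
			return strings.Join(labels[len(labels)-len(rl)+1:], ".")
		}
		if len(rl) > best {
			best = len(rl)
		}
	}
	return strings.Join(labels[len(labels)-best:], ".")
}

// IsPublicSuffix is true when the name itself is a suffix, so a CA following the PSL refuses it.
func IsPublicSuffix(name string, rules []string) bool {
	return PublicSuffix(name, rules) == strings.ToLower(strings.TrimSuffix(name, "."))
}

func main() {
	fmt.Println(IsPublicSuffix("riyadh.ye", before), IsPublicSuffix("riyadh.ye", after)) // true false
}
```

Under the old rule a name one level deeper, such as www.riyadh.ye, would have had riyadh.ye as its public suffix, which matches the wildcard reading given in the thread.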