Cert for .remember TLD

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: remember.remember

I ran this command: sudo certbot certonly --manual --preferred-challenges dns -d "remember.remember"

It produced this output:

Requesting a certificate for remember.remember
An unexpected error occurred:
AttributeError: can't set attribute

File "/opt/homebrew/Cellar/certbot/2.0.0/libexec/lib/python3.11/site-packages/acme/client.py", line 575, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rejectedIdentifier :: The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "remember.remember": Domain name does not end with a valid public suffix (TLD)

My web server is (include version): github pages + namecheap (dns)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: github pages

I can log in to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.0.0

If my google-fu doesn't deceive me, .remember TLD is a Handshake thing. That will not work since LE only works with public DNS names.

3 Likes

Here's the list of Internet TLDs: https://www.iana.org/domains/root/db

And .remember isn't on it. You need to have a DNS name on the public Internet in order to get a certificate for it from a public CA like Let's Encrypt.

7 Likes
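A local pre-check for the condition in the error above, as an added example that is not part of the original thread and is not certbot's or Let's Encrypt's code. It tests whether each requested name ends in a TLD from the IANA root zone list. The function names are hypothetical, and the embedded list is a constructed excerpt in the format of IANA's `tlds-alpha-by-domain.txt`; the CA's own check remains authoritative.

```python
# Added example: local pre-check, not certbot's or Let's Encrypt's code.
# SAMPLE_IANA_TLDS is a constructed excerpt in the format of IANA's
# tlds-alpha-by-domain.txt (comment header, one upper-case TLD per line).
SAMPLE_IANA_TLDS = """\
# Version 0000000000, constructed sample for illustration
COM
DEV
IO
ORG
XN--P1AI
"""


def parse_tld_list(text):
    """Return the set of lower-case TLD labels, skipping comments and blanks."""
    tlds = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            tlds.add(line.lower())
    return tlds


def final_label(name):
    """Normalise a requested identifier and return its right-most label."""
    name = name.strip().rstrip(".")      # tolerate a fully-qualified trailing dot
    if name.startswith("*."):            # wildcard requests: check the base name
        name = name[2:]
    if not name:
        raise ValueError("empty name")
    # IDNA-encode so Unicode TLDs compare against their xn-- form in the list.
    ascii_name = name.encode("idna").decode("ascii").lower()
    return ascii_name.rsplit(".", 1)[-1]


def check_names(names, tlds):
    """Map each requested name to True if its TLD is in the root zone list."""
    return {n: final_label(n) in tlds for n in names}


if __name__ == "__main__":
    tlds = parse_tld_list(SAMPLE_IANA_TLDS)
    requested = ["remember.remember", "example.com"]
    for name, ok in check_names(requested, tlds).items():
        print(f"{name}: {'ok' if ok else 'TLD not in IANA root zone'}")
```

For real use, replace the sample with the current list published by IANA, since the root zone changes over time.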

I like porkbun.com's description of Handshake names:

Handshake is an experimental and permissionless naming protocol that uses blockchain technology to create a decentralized root zone, as opposed to a centralized root zone regulated by ICANN. You can read more about the Handshake protocol at handshake.org

There are no guarantees with Handshake names. You may not be able to renew Handshake names upon expiration and there's a chance that the TLD you purchase the domain on top of could stop functioning prior to expiration.

Because Handshake names do not use the same root zone as other domains on the internet they do not currently, and may never, resolve like normal domains. These names require special browser plugins or network configurations. Furthermore, Porkbun services such as email, SSL certificate generation, and others don't work on Handshake names.

With Handshake names there is an inherent risk of collision with names on other blockchains, other naming technology, and with ICANN regulated domains. There are no guarantees that the Handshake names you purchase are unique or that they will not collide now or in the future.

6 Likes

Thanks

2 Likes