Certbot not showing all the domains

My domain is: mateon_sl.mateon.eu

I ran this command: sudo certbot --apache

My web server is (include version): apache2

The operating system my web server runs on is (include version): ubuntu20.04

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.2

So, i have a few subdomains on my server. And all of them work fine with certbot ssl. But when i added this domain, ran sudo a2ensite, it does not want to show up in the certbot options. I checked, and the website works, and the file is in sites-enabled. Does anybody know why this happens?


1 Like

Hello @jetamgamer, welcome to the Let's Encrypt community. :slightly_smiling_face:

Let's Debug show

InvalidDomain Fatal https://letsdebug.net/mateon_sl.mateon.eu/1374036#InvalidDomain-Fatal



Please see Domain name contains invalid character - #9 by Bruce5051

1 Like

Actually I guess not, but the domain name is not valid; DNS GIGO

$ nslookup mateon_sl.mateon.eu dns1.registrar-servers.com.
Server:         dns1.registrar-servers.com.

mateon_sl.mateon.eu     canonical name = mateon.eu.
Name:   mateon.eu
1 Like


So, i figured out that domains cant have "_". So i changed mateon_sl.mateon.eu to mateon-sl.mateon.eu.
And now it works fine!

Thanks so much,



Have a pleasant day! :slight_smile:

1 Like

Perhaps other (free) CAs do allow "_" in the FQDN.
[the Internet won't allow "_" in the domain name - but this use is further left of that]

Seems contradictory for ACME to require TXT record like:
But not to allow the name on the cert to contain "_".


The underscore in domain name and cert is not intuitive for sure.

I found this old thread which covers the topic really well. Comments from LE staff as well as ex-Certbot devs



Underscores are valid in "domain names" (things in DNS) but not in "host names" (systems that can have a URL). So certificates can't have them either, since certificates are supposed to be for host names. This quirk actually I think is why a lot of the non-hostname records in DNS use underscores (_dmarc, _acme-challenge, etc.), so that they're guaranteed not to conflict with an actual host's name.


But yet they can have IP Addresses :laughing:

1 Like

Sure, you can have an A/AAAA record in DNS that has an underscore in it. It's just not a valid hostname so you can't use it for a URL, but there are other uses that people have pressed DNS into.


Yes; very true! :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.