Certifying TLD (.agency) - Error creating new authz :: Name with public suffix

I’ve encountered some difficulty trying to certify my new domain name. It appears the issue involves new TLDs. In my case my TLD is: .agency
I’ve certified another .agency last year. Not sure why I’m encountering this issue now.

My domain is: theinitiate.agency

I ran this command: $ sudo certbot --apache -d theinitiate.agency -d www.theinitiate.agency.conf

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.
$

Here are the contents of /var/log/letsencrypt/letsencrypt.log: https://pastebin.com/E4DzTj5n

My web server is (include version): Apache 2.4.7

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider is: DigitalOcean

I can log in to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no CP, using ssh instead

I’m following this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04

There's a copy and paste mistake.

You're trying to create "theinitiate.agency" and "www.theinitiate.agency.conf".

.agency is a valid TLD, .conf isn't.

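A pre-flight check for the mistake identified in the reply above, as an added example that is not part of the original thread: it flags any name whose last label is not a known TLD before the names are passed to `certbot -d`. The function names `known_tld`, `bad_names` and `demo` are hypothetical, the four-entry TLD list is constructed so the script runs offline, and the check only approximates the CA's public-suffix test.

```bash
#!/bin/sh
# Pre-flight check for names about to be passed to `certbot -d`.

# Constructed four-entry sample so the demo runs offline. For real use, pass
# a downloaded copy of IANA's TLD list (one TLD per line, '#' comments).
SAMPLE_TLDS='# constructed subset, not the full IANA list
COM
ORG
NET
AGENCY'

# known_tld TLD_FILE LABEL: succeeds if LABEL is listed (case-insensitive).
known_tld() {
    grep -v '^#' "$1" | tr '[:upper:]' '[:lower:]' | grep -qxF -- "$2"
}

# bad_names TLD_FILE NAME...: prints every rejected name, returns 1 if any.
bad_names() {
    _tlds=$1; shift
    _rc=0
    for _name in "$@"; do
        _host=$(printf '%s' "$_name" | tr '[:upper:]' '[:lower:]')
        _host=${_host%.}      # a single trailing root dot is legal
        _host=${_host#\*.}    # ignore a leading wildcard label
        case $_host in
            .*|*.|*..*) _bad=1 ;;   # empty label somewhere in the name
            *.*) if known_tld "$_tlds" "${_host##*.}"; then _bad=0; else _bad=1; fi ;;
            *) _bad=1 ;;            # single label, so no TLD at all
        esac
        if [ "$_bad" -eq 1 ]; then
            printf '%s\n' "$_name"
            _rc=1
        fi
    done
    return "$_rc"
}

# Demo: the two names from the failing command in the original post.
demo() {
    _f=$(mktemp)
    printf '%s\n' "$SAMPLE_TLDS" > "$_f"
    if bad_names "$_f" theinitiate.agency www.theinitiate.agency.conf; then _st=0; else _st=1; fi
    rm -f "$_f"
    return "$_st"
}

demo || echo "fix the names listed above before running certbot" >&2
```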

Thank you, @mnordhoffm for the swift reply. I’m not sure how I overlooked such a trivial copy-paste mistake. After wrestling with certbot and certbot-auto, my shell tells me that my ssl certificate is installed correctly. But when I navigate to my site, theinitiate.agency, ‘https’ in the URL bar is crossed out and Chrome says the connection is “Not secure”. Something isn’t right.

I mindfully included both www.theinitiate.agency and theinitiate.agency when I invoked certbot-auto using this: sudo certbot-auto --apache -d theinitiate.agency -d www.theinitiate.agency

Any idea why one is secure and the other is not?

Is there any other information I could provide?

Last year when I first tinkered with Let’s Encrypt, the guide had me manually set up these files inside /etc/letsencrypt/live/.com/ :
cert.pem chain.pem fullchain.pem privkey.pem README
But today they were set up automatically. Is this because of a change in certbot?

Strange, that isn't what I'm seeing:
image

They should have been set up automatically last year too, unless options like --csr or --config-dir were used. (And people almost never need to use those options.)

@danb

https://imgur.com/cB6CT9g

Still says “Not Secure”. Not sure why. It loads Secure in Chrome on my Smartphone.

I tried flushing the DNS cache on my desktop browser. No dice. Strange, isn’t it?

It’s working fine for me too. Please close all of your browser windows completely and reopen it and then check again.

That worked. Restarting Chrome seemed to do the trick. Haven’t had any issues today.
