Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
An unexpected error occurred:
Error creating new order :: Cannot issue for "o----o.de": Domain name contains an invalid label in a reserved format (R-LDH: '??--') (and 1 more problems. Refer to sub-problems for more information.)
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version):
Apache/2.4.29 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18.04
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0
@lestaff Any idea why this domain name is being refused? As far as I can tell from RFC 5891, the hyphen restriction is only applicable to Unicode strings being converted to IDNA labels? And not for non-IDNA domains?
So this is a reserved-LDH name, even though it is not a valid Internationalized Domain Name. Because of the Baseline Requirements that apply to all publicly trusted CAs, we are not allowed to issue for this domain name even though it is registered in the DNS.
Yeah, Let's Encrypt even specifically had an Official Incident in the past where they failed to block issuance where characters 2, 3, and 4 were all hyphens:
My quick read-through (which may be wrong) is that since some people thought the names were already prohibited, and some didn't, explicitly prohibiting it ended up making the rules clearer.
I have researched at DENIC. Also at DENIC it is no longer possible to register domains with -- in 3rd and 4th position. But in the past it was possible and so such domains exist.
It would be a pity if the owners of this domain cannot use a certificate.
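The label check discussed in this thread, as an added example that is not part of any post and is not Let's Encrypt's or certbot's code: it classifies each label with the RFC 5890 categories (a reserved LDH label has "--" as its third and fourth characters, and only the "xn--" prefix is assigned) so a name can be screened before a certificate order is placed. The function names and result strings are hypothetical, and the "xn--" branch only tests that the Punycode decodes, not full IDNA2008 validity.

```python
import re

# LDH label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LDH = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample names (the first is the one from the error output above).
SAMPLES = ["o----o.de", "*.www.o----o.de.", "xn--mnchen-3ya.de", "example.com"]


def classify_label(label: str) -> str:
    """Classify one DNS label using the RFC 5890 categories."""
    l = label.lower()
    if not _LDH.fullmatch(l):
        return "non-ldh"
    if l[2:4] != "--":
        return "nr-ldh"            # ordinary, non-reserved label
    if not l.startswith("xn--"):
        return "r-ldh-reserved"    # '??--' shape without the xn prefix
    try:
        # Punycode check only; a real A-label also needs IDNA2008 validation.
        l[4:].encode("ascii").decode("punycode")
    except ValueError:             # UnicodeError is a ValueError subclass
        return "xn-undecodable"
    return "xn-punycode-ok"


def reserved_labels(name: str) -> list[str]:
    """Return the labels of `name` that are reserved R-LDH but not xn--."""
    name = name.rstrip(".")        # tolerate a fully qualified trailing dot
    if name.startswith("*."):      # a wildcard prefix is not a DNS label
        name = name[2:]
    return [p for p in name.split(".")
            if classify_label(p) == "r-ldh-reserved"]


if __name__ == "__main__":
    for sample in SAMPLES:
        bad = reserved_labels(sample)
        verdict = "reserved label(s): " + ", ".join(bad) if bad else "ok"
        print(f"{sample:22} {verdict}")
```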