Gethttpsforfree - WildCard Domain in CSR SAN Causes Errors


Please fill out the fields below so we can help you better.

My domain

I ran this command:*

It produced this output:*

My operating system is (include version):Linux version 2.6.32-673.26.1.lve1.4.25.el6.x86_64 ( (gcc version 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) ) #1 SMP Wed Apr 5 16:33:01 EDT 2017

My web server is (include version):Linux 2.6.32-673.26.1.lve1.4.25.el6.x86_64 #1 SMP Wed Apr 5 16:33:01 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is:GoDaddy
I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):cpanel


Hi @496988685,

The actual error appears to be “Invalid character in DNS name”. Which name or names are you trying to get a certificate for here?

If you have an internationalized domain name (IDN), the certificate authority currently requires that you submit the request using the A-label (“xn–”) form rather than Unicode form—for example instead of 美.com. I think the gethttpsforfree service may not have implemented any warnings about this issue.


thank you for so much concern. i want to give “” a certificate.
well…:),i understand what is the xn form ,and… what i could do ,plz give me some suggest
^-^ ^-^ ^-^


Hi @496988685,

If you do have root shell access on your server, why did you choose to use instead of installing a Let’s Encrypt client application on the server?

Can you show exactly how you gave the list of domains for which you wanted to request a certificate?


i use putty to control my GoDaddy linux os, :frowning: ,maybe …im not root…


Hmmm, I’m not sure why you got the error about the domain name. You can feel free to paste the CSR here too and we can take a look at it.

If you’re not able to install client software as root on your machine, I might suggest using instead of ZeroSSL does more of the tasks for you automatically inside of your browser, although it is otherwise similar in concept.


this csr made in my GODADDY account.


yes.yes .i get her…

but hmmmmmmmm. https No display.:joy:



Please paste as in pate the text (not an image) of your CSR so we can use tools to verify it is in fact correct.

As we do not have the private key there is very little we can do with the CSR.

My suspicion is that GoDaddy is adding extra bits that LetsEncrypt doesn’t like





this is displayed https because of i have add some code to .htaccess


hi @496988685

if you run you CSR through a checker:

The issue is with the fact you are trying to get a Wildcard Certificate which LetsEncrypt doesn’t allow.

If you remove the * from your CSR you will be able to get certificates issued.




I don’t believe HTTPSforFree Currently excludes wildcards during ASN1 parsing.

Might be something to think about.

Not teaching you how to suck eggs - just spent a lot of time learning from your code base.



This is a very pertinent suggestion,i am willing to acciept and do ti. actually,i have learnning Javascript now,this issue is a part of my learnning programme. Thanks again.


GoDaddy maybe ready refuse letsencrypt ssl?


how did you manage to solve this?

Can you share so that others may learn please



I think the Certificate Authority Bundle mentioned will be the chain provided by Let’s Encrypt. The Certbot tool provides this in a file named chain.pem other software may name it differently.

The purpose of this data is to create a chain of trust showing the Let’s Encrypt Authority X3 which signed the certificate has in turn another certificate signed by a CA, for some certificates there can be three or four steps, but it’s the same idea.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.