Getting error domain isn't public

Bassangler · June 3, 2018, 5:42pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ithero.club

I ran this command:

It produced this output:

My web server is (include version): apache

The operating system my web server runs on is (include version): opnsense/bsd

My hosting provider, if applicable, is: Google domains

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

jared.m · June 3, 2018, 5:55pm

Could you post the full and exact error message, as well as the process you followed that resulted in this error? The questions you skipped are actually really important in helping us help you.

Bassangler · June 3, 2018, 6:17pm

Thanks Jared. I’m on my phone currently, I’ll send the error message when I get behind my computer.

Bassangler · June 3, 2018, 6:26pm

I setup LE to do validation through HAproxy on OPNSense (a fork of pfSense). I can provide a step-by-step process that I followed, but it’s several steps. Please let me know if more details around my setup are needed. Below is the error log from the last validation attempt.

|[Sat Jun 2 15:04:42 CDT 2018]|Please check log file for more details: /var/log/acme.sh.log||—|---|
|[Sat Jun 2 15:04:42 CDT 2018]|_on_issue_err|
|[Sat Jun 2 15:04:42 CDT 2018]|skip dns.|
|[Sat Jun 2 15:04:42 CDT 2018]|_clearupdns|
|[Sat Jun 2 15:04:42 CDT 2018]|No need to restore nginx, skip.|
|[Sat Jun 2 15:04:42 CDT 2018]|pid|
|[Sat Jun 2 15:04:42 CDT 2018]|new-authz error: {“type”:“urn:acme:error:malformed”,“detail”:“Error creating new authz :: Name does not end in a public suffix”,“status”: 400}|
|[Sat Jun 2 15:04:42 CDT 2018]|The new-authz request is ok.|
|[Sat Jun 2 15:04:42 CDT 2018]|code=‘400’|
|[Sat Jun 2 15:04:42 CDT 2018]|_ret=‘0’|
|[Sat Jun 2 15:04:42 CDT 2018]|_CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g ‘|
|[Sat Jun 2 15:04:42 CDT 2018]|_post_url=‘https://acme-v01.api.letsencrypt.org/acme/new-authz’|
|[Sat Jun 2 15:04:42 CDT 2018]|POST|
|[Sat Jun 2 15:04:41 CDT 2018]|ret=‘0’|
|[Sat Jun 2 15:04:41 CDT 2018]|_CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g ‘|
|[Sat Jun 2 15:04:41 CDT 2018]|timeout=|
|[Sat Jun 2 15:04:41 CDT 2018]|url=‘https://acme-v01.api.letsencrypt.org/directory’|
|[Sat Jun 2 15:04:41 CDT 2018]|GET|
|[Sat Jun 2 15:04:40 CDT 2018]|RSA key|
|[Sat Jun 2 15:04:40 CDT 2018]|payload=’{“resource”: “new-authz”, “identifier”: {“type”: “dns”, “value”: “ithero.club-ca”}}’|
|[Sat Jun 2 15:04:40 CDT 2018]|url=‘https://acme-v01.api.letsencrypt.org/acme/new-authz’|
|[Sat Jun 2 15:04:39 CDT 2018]|Try new-authz for the 0 time.|
|[Sat Jun 2 15:04:39 CDT 2018]|_init api for server: https://acme-v01.api.letsencrypt.org/directory|
|[Sat Jun 2 15:04:39 CDT 2018]|Getting new-authz for domain=‘ithero.club-ca’|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot=’/var/etc/acme-client/challenges’|
|[Sat Jun 2 15:04:39 CDT 2018]|_w=’/var/etc/acme-client/challenges’|
|[Sat Jun 2 15:04:39 CDT 2018]|Getting webroot for domain=‘ithero.club-ca’|
|[Sat Jun 2 15:04:39 CDT 2018]|d=‘ithero.club-ca’|
|[Sat Jun 2 15:04:39 CDT 2018]|Getting domain auth token for each domain|
|[Sat Jun 2 15:04:39 CDT 2018]|Multi domain=‘DNS:ithero.club-ca,DNS:www.ithero.club,DNS:vpn.ithero.club,DNS:mail.ithero.club’|
|[Sat Jun 2 15:04:39 CDT 2018]|_createcsr|
|[Sat Jun 2 15:04:39 CDT 2018]|Read key length:ec-256|
|[Sat Jun 2 15:04:39 CDT 2018]|_saved_account_key_hash is not changed, skip register account.|
|[Sat Jun 2 15:04:39 CDT 2018]|d|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot=’/var/etc/acme-client/challenges’|
|[Sat Jun 2 15:04:39 CDT 2018]|Check for domain=‘mail.ithero.club’|
|[Sat Jun 2 15:04:39 CDT 2018]|d=‘mail.ithero.club’|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot=’/var/etc/acme-client/challenges’|
|[Sat Jun 2 15:04:39 CDT 2018]|Check for domain=‘vpn.ithero.club’|
|[Sat Jun 2 15:04:39 CDT 2018]|d=‘vpn.ithero.club’|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot=’/var/etc/acme-client/challenges’|
|[Sat Jun 2 15:04:39 CDT 2018]|Check for domain=‘www.ithero.club’|
|[Sat Jun 2 15:04:39 CDT 2018]|d=‘www.ithero.club’|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot=’/var/etc/acme-client/challenges’|
|[Sat Jun 2 15:04:39 CDT 2018]|Check for domain=‘ithero.club-ca’|
|[Sat Jun 2 15:04:39 CDT 2018]|d=‘ithero.club-ca’|
|[Sat Jun 2 15:04:39 CDT 2018]|Le_LocalAddress|
|[Sat Jun 2 15:04:39 CDT 2018]|_chk_alt_domains=‘www.ithero.club,vpn.ithero.club,mail.ithero.club’|
|[Sat Jun 2 15:04:39 CDT 2018]|_chk_main_domain=‘ithero.club-ca’|
|[Sat Jun 2 15:04:39 CDT 2018]|_on_before_issue|

schoen · June 3, 2018, 6:37pm

Hi @Bassangler,

It looks like you're trying to get a certificate for ithero.club-ca, which isn't a public domain name.

schoen · June 4, 2018, 4:04am

Hi @craigomez,

Whatever the most common reasons for this error are, the specific log that @Bassangler posted shows an attempt to obtain a certificate for the non-public domain ithero.club-ca. So, the other common failure reasons probably don’t apply to this situation.

Bassangler · June 5, 2018, 12:58pm

Thank you everyone, all input is appreciated. @schoen was correct. I didn’t look closely enough at what was needed in a particular field within my setup, after I removed the “-ca” the error was resolved.

system · July 5, 2018, 12:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.