Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: ithero.club
I ran this command:
It produced this output:
My web server is (include version): apache
The operating system my web server runs on is (include version): opnsense/bsd
My hosting provider, if applicable, is: Google domains
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Could you post the full and exact error message, as well as the process you followed that resulted in this error? The questions you skipped are actually really important in helping us help you.
I set up LE to do validation through HAproxy on OPNSense (a fork of pfSense). I can provide a step-by-step process that I followed, but it's several steps. Please let me know if more details around my setup are needed. Below is the error log from the last validation attempt.
|[Sat Jun 2 15:04:42 CDT 2018]|Please check log file for more details: /var/log/acme.sh.log|
|[Sat Jun 2 15:04:42 CDT 2018]|_on_issue_err|
|[Sat Jun 2 15:04:42 CDT 2018]|skip dns.|
|[Sat Jun 2 15:04:42 CDT 2018]|_clearupdns|
|[Sat Jun 2 15:04:42 CDT 2018]|No need to restore nginx, skip.|
|[Sat Jun 2 15:04:42 CDT 2018]|pid|
|[Sat Jun 2 15:04:42 CDT 2018]|new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: Name does not end in a public suffix","status": 400}|
|[Sat Jun 2 15:04:42 CDT 2018]|The new-authz request is ok.|
|[Sat Jun 2 15:04:42 CDT 2018]|code='400'|
|[Sat Jun 2 15:04:42 CDT 2018]|_ret='0'|
|[Sat Jun 2 15:04:42 CDT 2018]|_CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '|
|[Sat Jun 2 15:04:42 CDT 2018]|_post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'|
|[Sat Jun 2 15:04:42 CDT 2018]|POST|
|[Sat Jun 2 15:04:41 CDT 2018]|ret='0'|
|[Sat Jun 2 15:04:41 CDT 2018]|_CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '|
|[Sat Jun 2 15:04:41 CDT 2018]|timeout=|
|[Sat Jun 2 15:04:41 CDT 2018]|url='https://acme-v01.api.letsencrypt.org/directory'|
|[Sat Jun 2 15:04:41 CDT 2018]|GET|
|[Sat Jun 2 15:04:40 CDT 2018]|RSA key|
|[Sat Jun 2 15:04:40 CDT 2018]|payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "ithero.club-ca"}}'|
|[Sat Jun 2 15:04:40 CDT 2018]|url='https://acme-v01.api.letsencrypt.org/acme/new-authz'|
|[Sat Jun 2 15:04:39 CDT 2018]|Try new-authz for the 0 time.|
|[Sat Jun 2 15:04:39 CDT 2018]|_init api for server: https://acme-v01.api.letsencrypt.org/directory|
|[Sat Jun 2 15:04:39 CDT 2018]|Getting new-authz for domain='ithero.club-ca'|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot='/var/etc/acme-client/challenges'|
|[Sat Jun 2 15:04:39 CDT 2018]|_w='/var/etc/acme-client/challenges'|
|[Sat Jun 2 15:04:39 CDT 2018]|Getting webroot for domain='ithero.club-ca'|
|[Sat Jun 2 15:04:39 CDT 2018]|d='ithero.club-ca'|
|[Sat Jun 2 15:04:39 CDT 2018]|Getting domain auth token for each domain|
|[Sat Jun 2 15:04:39 CDT 2018]|Multi domain='DNS:ithero.club-ca,DNS:www.ithero.club,DNS:vpn.ithero.club,DNS:mail.ithero.club'|
|[Sat Jun 2 15:04:39 CDT 2018]|_createcsr|
|[Sat Jun 2 15:04:39 CDT 2018]|Read key length:ec-256|
|[Sat Jun 2 15:04:39 CDT 2018]|_saved_account_key_hash is not changed, skip register account.|
|[Sat Jun 2 15:04:39 CDT 2018]|d|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot='/var/etc/acme-client/challenges'|
|[Sat Jun 2 15:04:39 CDT 2018]|Check for domain='mail.ithero.club'|
|[Sat Jun 2 15:04:39 CDT 2018]|d='mail.ithero.club'|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot='/var/etc/acme-client/challenges'|
|[Sat Jun 2 15:04:39 CDT 2018]|Check for domain='vpn.ithero.club'|
|[Sat Jun 2 15:04:39 CDT 2018]|d='vpn.ithero.club'|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot='/var/etc/acme-client/challenges'|
|[Sat Jun 2 15:04:39 CDT 2018]|Check for domain='www.ithero.club'|
|[Sat Jun 2 15:04:39 CDT 2018]|d='www.ithero.club'|
|[Sat Jun 2 15:04:39 CDT 2018]|_currentRoot='/var/etc/acme-client/challenges'|
|[Sat Jun 2 15:04:39 CDT 2018]|Check for domain='ithero.club-ca'|
|[Sat Jun 2 15:04:39 CDT 2018]|d='ithero.club-ca'|
|[Sat Jun 2 15:04:39 CDT 2018]|Le_LocalAddress|
|[Sat Jun 2 15:04:39 CDT 2018]|_chk_alt_domains='www.ithero.club,vpn.ithero.club,mail.ithero.club'|
|[Sat Jun 2 15:04:39 CDT 2018]|_chk_main_domain='ithero.club-ca'|
|[Sat Jun 2 15:04:39 CDT 2018]|_on_before_issue|
Whatever the most common reasons for this error are, the specific log that @Bassangler posted shows an attempt to obtain a certificate for the non-public domain ithero.club-ca. So, the other common failure reasons probably don't apply to this situation.
Thank you everyone, all input is appreciated. @schoen was correct. I didn't look closely enough at what was needed in a particular field within my setup; after I removed the "-ca" the error was resolved.
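
A pre-flight check of the kind that catches this mistake before the request reaches the CA, as an added example that is not part of the original thread or of acme.sh: it parses the `Multi domain=` debug line from the log above and tests each name against a public-suffix set. The suffix set is a small constructed subset of the Public Suffix List, and the function names are hypothetical.

```python
import re

# Constructed subset of the Public Suffix List (assumption); a real check
# would load the full list published at publicsuffix.org.
PUBLIC_SUFFIXES = {"com", "org", "net", "club", "co.uk"}

# One DNS label: 1-63 chars of a-z, 0-9 or '-', not starting or ending in '-'.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def check_name(name, suffixes=PUBLIC_SUFFIXES):
    """Return None if the name could be submitted, else the reason it cannot."""
    name = name.strip().rstrip(".").lower()
    if name.startswith("*."):          # wildcard: validate the base name
        name = name[2:]
    labels = name.split(".")
    if not all(LABEL.match(label) for label in labels):
        return "Invalid DNS label"
    # Walk from the full name towards the TLD looking for a known suffix.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            return "Name is a public suffix" if i == 0 else None
    # Same condition the CA reported in the log above.
    return "Name does not end in a public suffix"


def parse_san_line(line):
    """Extract the DNS names from an acme.sh "Multi domain='...'" log line."""
    m = re.search(r"Multi domain='([^']*)'", line)
    if not m:
        return []
    return [e[4:] for e in m.group(1).split(",") if e.startswith("DNS:")]


def preflight(line, suffixes=PUBLIC_SUFFIXES):
    """Map each rejected name in the log line to its rejection reason."""
    problems = {}
    for name in parse_san_line(line):
        reason = check_name(name, suffixes)
        if reason:
            problems[name] = reason
    return problems


# Log line taken from the thread above.
SAMPLE = ("|[Sat Jun 2 15:04:39 CDT 2018]|Multi domain='DNS:ithero.club-ca,"
          "DNS:www.ithero.club,DNS:vpn.ithero.club,DNS:mail.ithero.club'|")

if __name__ == "__main__":
    for name, reason in preflight(SAMPLE).items():
        print(f"{name}: {reason}")
```
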