Help with Domain name does not end with a valid public suffix (TLD)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vhaan.me and mail.vhaan.me

I ran this command: sudo certbot

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: vhaan.me.tld
2: mail.vhaan.me.tld


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for vhaan.me.tld and mail.vhaan.me.tld
An unexpected error occurred:
Invalid identifiers requested :: Cannot issue for "mail.vhaan.me.tld": Domain name does not end with a valid public suffix (TLD) (and 1 more problems. Refer to sub-problems for more information.)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): - Server version: Apache/2.4.61

The operating system my web server runs on is (include version): - Name: Debian GNU/Linux

  • Pretty Name: Debian GNU/Linux 12 (bookworm)
  • Version: 12 (bookworm)
  • Version ID: 12
  • Codename: bookworm

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

I also installed certbot with: sudo snap install --classic certbot

Hello @lemirq,
Let’s Encrypt offers Domain Validation (DV) certificates.

Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Thus you need to own and have control over the Domain Name (or have a subdomain under an existing domain name, for example pointed to your server by your employer or school) you wish to obtain a certificate for, from an ICANN Accredited Registrar.

1 Like

Please mind I'm a beginner with Linux. The thing is, I'm trying to set up an email server with a Raspberry Pi following this tutorial: https://www.makeuseof.com/make-your-own-raspberry-pi-email-server/. It requires me to use certbot for my domains.

But you will need a domain name that does end with a public suffix (TLD) to obtain a certificate issued by Let’s Encrypt. Presently Let’s Encrypt does not issue certificates for IP Addresses.

1 Like

Did you misspell your domain name in Apache config?

Because you say the name ends in .me but Certbot saw the Apache config had it with .me.tld

3 Likes
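
As an added example (not part of the original posts and not Certbot's own code), this shell function lists the names that `ServerName` and `ServerAlias` declare in Apache config files and flags any that end in a placeholder label such as `.tld`. The placeholder list and the sample config are constructed for illustration; the CA's real check uses the full public suffix data.

```bash
#!/bin/sh
# Assumed short list of placeholder/reserved final labels (illustration only;
# the CA checks the name against the full public suffix data instead).
PLACEHOLDER_LABELS="tld example test invalid localhost local"

# vhost_names FILE... : print "<status> <name>" for every ServerName and
# ServerAlias value; status is "placeholder" or "ok".
vhost_names() {
    awk -v labels="$PLACEHOLDER_LABELS" '
        BEGIN { n = split(labels, l, " "); for (i = 1; i <= n; i++) bad[l[i]] = 1 }
        /^[ \t]*#/ { next }                      # ignore commented-out directives
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                sub(/^[a-z]+:\/\//, "", name)    # ServerName may carry a scheme
                sub(/:[0-9]+$/, "", name)        # ... and a :port
                sub(/\.$/, "", name)             # drop a trailing dot
                k = split(name, parts, ".")
                status = (parts[k] in bad) ? "placeholder" : "ok"
                print status, name
            }
        }' "$@"
}

# Constructed sample mirroring the misconfiguration described in the thread.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName mail.vhaan.me.tld
    ServerAlias vhaan.me.tld
    # ServerName commented.example
</VirtualHost>
<VirtualHost *:80>
    ServerName vhaan.me
</VirtualHost>
EOF
}

# Demo on the sample; on Debian the real input would be
# /etc/apache2/sites-enabled/*.conf
tmp=$(mktemp)
sample_conf > "$tmp"
vhost_names "$tmp"
rm -f "$tmp"
```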

Sorry but could you please explain what a public suffix is? I am not very experienced and got my domain from Namecheap.

Oh really? The tutorial I followed told me to write ServerName mail.vhaan.me.tld in my config files

Public Suffix List - Wikipedia

I was just trying to use words you had used in the topic’s Title, assuming you knew what it is.

1 Like

Sorry, but this is not really helping

I own vhaan.me already, so what seems to be the problem?

That looks like a fine valid domain name to me.

1 Like

I think you misunderstood what they meant. You should use your actual domain name

Or, it is really bad instruction in which case quit using it 🙂

3 Likes

Here is what Let’s Debug is showing https://letsdebug.net/vhaan.me/2174093


MultipleIPAddressDiscrepancy
WARNING
vhaan.me has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.
[Address=70.50.92.209,Address Type=IPv4,Server=Apache/2.4.61 (Debian),HTTP Status=404] vs [Address=76.76.21.21,Address Type=IPv4,Server=Vercel,HTTP Status=404]

1 Like

So it's a problem because I am currently hosting a site on Vercel??

Not necessarily, but you do have more than one IP Address and they are not all responding the same.

Here is what your DNS looks like.

2 Likes

Wow thanks a lot. So what IP should I remove? The one ending in 209 is the Raspberry Pi, and the one ending in 21 is for Vercel.

Another update: I switched from previously configured .tld to my proper vhaan.me domain. And ran sudo certbot again:

Requesting a certificate for vhaan.me and mail.vhaan.me

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: vhaan.me
Type: unauthorized
Detail: 76.76.21.21: Invalid response from http://vhaan.me/.well-known/acme-challenge/qzgTMmr9S107juHnUrBdRvn6BluFD4fQX7tl5ZvTEhg: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Remove the one that doesn’t equal the output of the following commands.
curl -4 ifconfig.me
curl -4 ifconfig.io

1 Like
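
The comparison described above, as an added example that is not part of the original posts: a shell function that takes the server's public IPv4 address and the A records published for a name, and reports which records point somewhere else. The function names are hypothetical and the demo run uses the two addresses quoted in the thread.

```bash
#!/bin/sh
# The CA may connect to any address published for the name, so every
# A record has to reach the web server that answers the challenge.

# is_ipv4 ADDRESS -> exit 0 if ADDRESS looks like a dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# classify_a_records PUBLIC_IP RECORD...
# Prints "keep <ip>" for records equal to PUBLIC_IP and "foreign <ip>" for the
# rest. Non-address lines (dig +short also prints CNAME targets) are skipped.
# Returns 0 only if PUBLIC_IP is published and no foreign record exists.
classify_a_records() {
    public_ip=$1; shift
    is_ipv4 "$public_ip" || { echo "bad public IP: $public_ip" >&2; return 2; }
    foreign=0 seen=0
    for rec in "$@"; do
        is_ipv4 "$rec" || continue
        if [ "$rec" = "$public_ip" ]; then
            echo "keep $rec"; seen=1
        else
            echo "foreign $rec"; foreign=1
        fi
    done
    [ "$foreign" -eq 0 ] && [ "$seen" -eq 1 ]
}

# Constructed run with the two addresses from the thread. On a live system
# the inputs would come from the commands the post names, for example:
#   classify_a_records "$(curl -4 -s ifconfig.me)" $(dig +short A vhaan.me)
classify_a_records 70.50.92.209 70.50.92.209 76.76.21.21 || true
```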

But then my site wouldn't be hosted with Vercel right?