I'm trying to create a wildcard for a Third-Level Domain

My domain is: ro.gov.br

I ran this command: certbot certonly --logs-dir /tmp -m datacenter@setic.ro.gov.br --agree-tos --force-renewal --dns-rfc2136 --dns-rfc2136-credentials /root/certificado/dns-key-ro.ini --dns-rfc2136-propagation-seconds 300 --preferred-chain "ISRG Root X1" -d *.ro.gov.br

It produced this output: An unexpected error occurred:
The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "*.ro.gov.br": Domain name is a wildcard for an ICANN TLD

The operating system my web server runs on is (include version): Oracle 8

The version of my client is: certbot 1.19.0

Basically, when trying to create the wildcard for *.ro.gov.br I get an error as if I were a TLD; if I try to perform the same command for anything.ro.gov.br and *.anything.ro.gov.br, it works exactly as expected. Can you tell me why I have this restriction?
Would it be a bug that my domain is written identically to the ICANN TLD (https://data.iana.org/TLD/tlds-alpha-by-domain.txt)?

1 Like

Welcome to the community @caiotvrs

Yes, ro.gov.br is included in the Public Suffix List so is treated as a TLD.
https://publicsuffix.org/

Click on The List on that page to see all the entries

5 Likes
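A preflight check for the situation described in the answer above, added here as an example and not part of the original thread or of certbot: it applies the Public Suffix List matching rules (exact, wildcard and exception entries) to decide whether a wildcard's base name is itself a public suffix. The rule excerpt is constructed for the example, the function names are hypothetical, and the real list's split into ICANN and private sections is ignored.

```python
# Constructed excerpt of Public Suffix List rules; the full list is at publicsuffix.org.
PSL_RULES = """
br
com.br
gov.br
ro.gov.br
*.ck
!www.ck
""".split()


def public_suffix(name, rules=PSL_RULES):
    """Return the public suffix of `name` using the PSL matching rules."""
    labels = name.lower().rstrip(".").split(".")
    exact = {r for r in rules if not r.startswith(("*", "!"))}
    wildcard = {r[2:] for r in rules if r.startswith("*.")}
    exception = {r[1:] for r in rules if r.startswith("!")}
    # Walk from the longest candidate suffix to the shortest; first match wins.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        parent = ".".join(labels[i + 1:])
        if candidate in exception:
            return parent  # exception rule: the suffix is one label shorter
        if candidate in exact or parent in wildcard:
            return candidate
    return labels[-1]  # default rule "*": the last label alone


def wildcard_preflight(identifier, rules=PSL_RULES):
    """Return (ok, reason) for a certificate identifier before ordering it."""
    if not identifier.startswith("*."):
        return True, "not a wildcard"
    base = identifier[2:].lower().rstrip(".")
    suffix = public_suffix(base, rules)
    if suffix == base:
        return False, f"{base} is itself a public suffix"
    return True, f"registrable name under {suffix}"


if __name__ == "__main__":
    # The three identifiers mentioned in the question.
    for ident in ("*.ro.gov.br", "anything.ro.gov.br", "*.anything.ro.gov.br"):
        print(ident, wildcard_preflight(ident))
```
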

See also: .br updated 2nd level domains + 3rd level gov.br by fnevesbr · Pull Request #464 · publicsuffix/list · GitHub :slight_smile:

4 Likes