Invalid character in DNS name

When running ./letsencrypt-auto --apache I get the following error:

An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Invalid character in DNS name
Please see the logfiles in /var/log/letsencrypt for more details.

In the log file I get

2015-12-04 16:17:02,870:DEBUG:root:Requesting fresh nonce
2015-12-04 16:17:02,870:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2015-12-04 16:17:02,870:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 16:17:03,077:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2015-12-04 16:17:03,077:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '0', 'Pragma': 'no-cache', 'Expires': 'Fri, 04 Dec 2015 16:17:03 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 04 Dec 2015 16:17:03 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'OB5r0S3f-FAehHTNzeKVrSiCsnL3OEaVErKmKRgi0Bs'}. Content: ''
2015-12-04 16:17:03,078:DEBUG:acme.client:Storing nonce: '8\x1ek\xd1-\xdf\xf8P\x1e\x84t\xcd\xcd\xe2\x95\xad(\x82\xb2r\xf78F\x95\x12\xb2\xa6)\x18"\xd0\x1b'
2015-12-04 16:17:03,078:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
2015-12-04 16:17:03,078:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "*.bedstevenner.org"}, "resource": "new-authz"}
2015-12-04 16:17:03,079:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2015-12-04 16:17:03,080:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2015-12-04 16:17:03,080:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "ush0ZK3iAI7zpQPkJlCDDnJtP9xBqAFJyt_6an256Gqva_4N6LRlhskB6WwykCBhVV4AjWVabk9GqkQfphXfKoVA86bdw8uUOG8u9sp1Du2PD5gCQ9AvlUHilduGKERIiJZWRIRorSUMGX1rDOTYdplKqKGZLjqHt-UcupPxGIGXtmVC6Wk5UFvJiWhISn9p89Fr67_ADBjCbeSxRGhR3RSDbZfKzt83Rp_vIfraa024ytE2yqOihf6AjWmUyYpqvxwRoLXSZm5kfNFlX0KnmS2E7A-3NZt5r3CRyF62reo9LPWABm-DzCTXVqMq79K76uTf4H_FPARED7H_qMEh0w"}}, "protected": "eyJub25jZSI6ICJPQjVyMFMzZi1GQWVoSFROemVLVnJTaUNzbkwzT0VhVkVyS21LUmdpMEJzIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLmJlZHN0ZXZlbm5lci5vcmcifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "k3Cbixvz903286fckHfX538LgrTGGS9kKetPA3D7rVPzTCp_R7Mxd1cibk1u8NA9k-PNl_eqYKjevcHkyVNRQ2x0G8wWPDZj9q_xKETyFjdGryOLTk6i59GdypA9unJ-uUYD55LIrLMT9270Db8pLaJ8F0snHQaac9QKksHU5IG8LnO4DRUCeu9otP4JZVTArh35Ti_DbGKNBn6Q-zTqu1tGmloBbSMwu-U7k6qN_b3CsiejPshfmU3A-Dsh63datpARHuv5p98bnE2z6nylVP0Fo1qjGImZbQII2xbXBaeZyYDcEQ4GwB_RWcYlywYhJLrX56VEma3zB3rc1e6oBQ"}'}
2015-12-04 16:17:03,080:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 16:17:03,307:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 400 117
2015-12-04 16:17:03,308:DEBUG:root:Received <Response [400]>. Headers: {'Content-Length': '117', 'Expires': 'Fri, 04 Dec 2015 16:17:03 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 04 Dec 2015 16:17:03 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'pORzYwXHpNa207th-ko4SLFNmWbcx5ThPmk70Zq_9YM'}. Content: '{"type":"urn:acme:error:malformed","detail":"Error creating new authz :: Invalid character in DNS name","status":400}'
2015-12-04 16:17:03,309:DEBUG:acme.client:Storing nonce: '\xa4\xe4sc\x05\xc7\xa4\xd6\xb6\xd3\xbba\xfaJ8H\xb1M\x99f\xdc\xc7\x94\xe1>i;\xd1\x9a\xbf\xf5\x83'
2015-12-04 16:17:03,309:DEBUG:acme.client:Received response <Response [400]> (headers: {'Content-Length': '117', 'Expires': 'Fri, 04 Dec 2015 16:17:03 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 04 Dec 2015 16:17:03 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'pORzYwXHpNa207th-ko4SLFNmWbcx5ThPmk70Zq_9YM'}): '{"type":"urn:acme:error:malformed","detail":"Error creating new authz :: Invalid character in DNS name","status":400}'
2015-12-04 16:17:03,309:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/home/jeppe/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1283, in main
    return args.func(args, config, plugins)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 470, in run
    lineage = _auth_from_domains(le_client, config, domains)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 336, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
    domain, self.account.regr.new_authzr_uri)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 215, in request_domain_challenges
    typ=messages.IDENTIFIER_FQDN, value=domain), new_authz_uri)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 195, in request_challenges
    response = self.net.post(new_authzr_uri, new_authz)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 634, in post
    return self._check_response(response, content_type=content_type)
  File "/home/jeppe/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 550, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Invalid character in DNS name

It worked once, but since then it hasn’t worked.

Hope someone can help me.
Thanks.
Jeppe

If I am not mistaken, it doesn’t like that you used an asterisk “*” instead of specifying a subdomain.

1 Like

You were correct. I was using * to catch all subdomains. When I don’t do that, it continues. I am running into new problems now with “Issuance for IP addresses not supported” - I’ll try to find a solution to that…

Thanks for your help.
Jeppe

I don’t think LE offers wildcard at this time.

1 Like

yup no wildcard support

I’ve been having the same issue running the same command on Ubuntu 14.01.

It is likely because of the way I have setup my subdomains, but how can I not use a wildcard to select a subdomain?

Using the UI that ./letsencrypt-auto --apache gives, every option I have is prefixed with an asterisk as per the screenshot below:

Would it perhaps be better not to use a wrapper to do this?

I think the asterisk in the UI screenshot is just showing you which domains you have selected.

That asterisk is a curses thing (screen drawing in text mode) to indicate the option is marked. I think the issue is the “-games.ducsuus.com” domain. Maybe you didn’t mean to start one of the levels with a hyphen?

1 Like

Really?

How am I supposed to select and un/select them?

Space bar when using the arrow keys to select the row.

Wow.

Never had to do that before! :smile:

The -games.ducsuus.com domain was actually a test to see if it would be possible to use characters like that! Had no idea it’d selected that domain, I thought you could only do a single domain at a time using the UI.

Of course, not everybody using SSL certificates is going to use a ‘wrapper’ to do it for them. Would it be possible to use letsencrypt without running any letsencrypt files, or rather install the SSL certificates manually?

Edit: It was that games URL that was not working! Thanks for the help!

It sure is. I'm using the official client with "webroot" and "certonly". I can then configure my webserver files to use the certificates. You can even run the whole process by hand if you want, or using any of the several ACME clients that are being developed.

OK, sounds interesting! :smile:

I am getting the same error with my server using a new hostname. Running CentOS 7. Please assist.

When I run ./letsencrypt-auto certonly

Here is my logfile

2015-12-30 06:35:09,013:DEBUG:letsencrypt.cli:Root logging level set at 30
2015-12-30 06:35:09,014:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-12-30 06:35:09,014:DEBUG:letsencrypt.cli:letsencrypt version: 0.1.1
2015-12-30 06:35:09,014:DEBUG:letsencrypt.cli:Arguments: []
2015-12-30 06:35:09,014:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-12-30 06:35:09,022:DEBUG:letsencrypt.cli:Requested authenticator None and installer None
2015-12-30 06:35:09,398:DEBUG:letsencrypt.plugins.disco:No installation (PluginEntryPoint#apache):
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/plugins/disco.py", line 103, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 142, in prepare
    raise errors.NoInstallationError
NoInstallationError
2015-12-30 06:35:09,400:DEBUG:letsencrypt.plugins.disco:Other error:(PluginEntryPoint#webroot): --webroot-path must be set
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/plugins/disco.py", line 103, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/plugins/webroot.py", line 53, in prepare
    self.option_name("path")))
PluginError: --webroot-path must be set
2015-12-30 06:35:09,401:DEBUG:letsencrypt.display.ops:Single candidate plugin: * standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = letsencrypt.plugins.standalone:Authenticator
Initialized: <letsencrypt.plugins.standalone.Authenticator object at 0x2c47fd0>
Prep: True
2015-12-30 06:35:09,401:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.standalone.Authenticator object at 0x2c47fd0> and installer None
2015-12-30 06:35:09,433:DEBUG:letsencrypt.cli:Picked account: <Account(41c315d53ec68f128cc75c0e6a617f71)>
2015-12-30 06:35:09,434:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-12-30 06:35:09,444:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-30 06:35:09,585:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2015-12-30 06:35:09,591:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Wed, 30 Dec 2015 06:35:09 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 30 Dec 2015 06:35:09 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'R5tZVinfe6ZbktzarlwGXahNZCtcxW5sWw59fDJ0P-8'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-12-30 06:35:09,593:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Wed, 30 Dec 2015 06:35:09 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 30 Dec 2015 06:35:09 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'R5tZVinfe6ZbktzarlwGXahNZCtcxW5sWw59fDJ0P-8'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-12-30 06:35:09,594:DEBUG:letsencrypt.display.ops:No installer, picking names manually
2015-12-30 06:35:13,722:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0008_key-letsencrypt.pem
2015-12-30 06:35:13,726:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0008_csr-letsencrypt.pem
2015-12-30 06:35:13,726:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/csr/0008_csr-letsencrypt.pem', data='[DER-encoded CSR bytes removed]', form='der'), domains: ['tim@aethercs.com']
2015-12-30 06:35:13,727:DEBUG:root:Requesting fresh nonce
2015-12-30 06:35:13,727:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2015-12-30 06:35:13,729:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-30 06:35:13,833:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2015-12-30 06:35:13,835:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '0', 'Pragma': 'no-cache', 'Expires': 'Wed, 30 Dec 2015 06:35:13 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 30 Dec 2015 06:35:13 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'szIrhYUKn-Xv4j2PftDLEW84gZhmSdn9LVMRm1QtLBI'}. Content: ''
2015-12-30 06:35:13,835:DEBUG:acme.client:Storing nonce: '\xb32+\x85\x85\n\x9f\xe5\xef\xe2=\x8f~\xd0\xcb\x11o8\x81\x98fI\xd9\xfd-S\x11\x9bT-,\x12'
2015-12-30 06:35:13,836:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, combinations=None, status=None
2015-12-30 06:35:13,836:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "tim@aethercs.com"}, "resource": "new-authz"}
2015-12-30 06:35:13,837:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jwk=None, x5u=None, kid=None, alg=None, cty=None, x5tS256=None, jku=None, x5t=None
2015-12-30 06:35:13,840:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, x5u=None, kid=None, cty=None, x5tS256=None, jku=None, x5t=None, nonce=None
2015-12-30 06:35:13,841:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "qf3M17X7IIKnEptUGMWxI2s3uRWa7UKZTbkkHg7zNdX4WsB3ziJNkHaoh-NqCcOj_yKZ8YnDjO0GtmOehCiVWm8_KtjN6_zof8atjvR4_JFcGFZVSXmZ-hVZLASoukq51S0-JT5sYE4f1d4uVM7P4emyA0QYPXWR8woh1jkXJkX2h-UbcrVBncTIjI1XogU7RHg_9UOHtMNwkEB-hgrR4tfpd0vFEQvzCKKmGseoInXgfXUn_ynXl_qE5VyRFZ2pjJdBUpyuiuU-HnYCKKHVIGZSgCmBUqBVbb5j67p-febD7NhG6F1MmuuzmsJy0Opwj7gCgA6_dpL4ZFUGmiWHGw"}}, "protected": "eyJub25jZSI6ICJzeklyaFlVS24tWHY0ajJQZnRETEVXODRnWmhtU2RuOUxWTVJtMVF0TEJJIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJ0aW1AYWV0aGVyY3MuY29tIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "lKLJrlXiSQRsBUNsaSEZH9KgZCMRRFs7VH1XPpUpAwjm3gMRuXnTCKPXcJeSEtlO306uRWsZti1Wa1NRihw0zrtmyfyvPxFVjHJkt_81p_7Dp_3n2cBfVDKN4zbZjUCJwYoDIiZUlLVlKRcl6myM-bE90l_mp00vIp6FhB2lyfRcbkGaYh6RoGBH_HP7ccL9o9BFcX6wcfhte2yYjvnCgy-9b297daeWLpruK5Jb2md0Upc4vE7Zhyyg53Qwiluw_c9a8Y749tSrRFwVu0GPqtxjj8-sVrSl-GMPzxlG_NSSQVp9a1UmCzFFiNG3B9byTRL3Hd4bKu0U3MNXQSH7Ng"}'}
2015-12-30 06:35:13,842:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-30 06:35:13,976:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 400 117
2015-12-30 06:35:13,979:DEBUG:root:Received <Response [400]>. Headers: {'Content-Length': '117', 'Expires': 'Wed, 30 Dec 2015 06:35:13 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 30 Dec 2015 06:35:13 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '4vvqZFuTesxztv2KNZ58M_VK2O4YCD0cDhoiYWxGG_I'}. Content: '{"type":"urn:acme:error:malformed","detail":"Error creating new authz :: Invalid character in DNS name","status":400}'
2015-12-30 06:35:13,980:DEBUG:acme.client:Storing nonce: '\xe2\xfb\xead[\x93z\xccs\xb6\xfd\x8a5\x9e|3\xf5J\xd8\xee\x18\x08=\x1c\x0e\x1a"alF\x1b\xf2'
2015-12-30 06:35:13,980:DEBUG:acme.client:Received response <Response [400]> (headers: {'Content-Length': '117', 'Expires': 'Wed, 30 Dec 2015 06:35:13 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 30 Dec 2015 06:35:13 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '4vvqZFuTesxztv2KNZ58M_VK2O4YCD0cDhoiYWxGG_I'}): '{"type":"urn:acme:error:malformed","detail":"Error creating new authz :: Invalid character in DNS name","status":400}'
2015-12-30 06:35:13,983:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 1396, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 598, in obtain_cert
    _auth_from_domains(le_client, config, domains)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 402, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
    domain, self.account.regr.new_authzr_uri)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 217, in request_domain_challenges
    typ=messages.IDENTIFIER_FQDN, value=domain), new_authz_uri)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 197, in request_challenges
    response = self.net.post(new_authzr_uri, new_authz)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 636, in post
    return self._check_response(response, content_type=content_type)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 552, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Invalid character in DNS name


What are you trying to achieve? You really need either --standalone, --webroot or --manual, depending on what you are trying to achieve. See the manual.

LE is for FQDNs only; that means you cannot specify an email as a domain name.

1 Like

Oh my goodness… I read that prompt wrong. I was following a tutorial that said it would ask for an email address first, and then the domain. I feel like such a dummy.

That fix got me through the prompts successfully. Unfortunately, https isn’t working, but I think I know what that problem is (following this).

I get that error because my domain name has an underscore (_).

Is that a prohibited character? Nobody but LE complains about that.

I'm having trouble finding a definitive reference, but yes, they were prohibited years ago. Hostname labels can only contain letters, digits and hyphens (not counting the dots). If any CA is still issuing certificates with underscores, it's misissuance, and needs to be reported and investigated.

Under the Baseline Requirements, certificates are generally specified in RFC 5280; § 4.2.1.6 states that:

When the subjectAltName extension contains a domain name system label, the domain name MUST be stored in the dNSName (an IA5String). The name MUST be in the "preferred name syntax", as specified by Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123].

3 Likes
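A local pre-flight check for the rule described in the answer above (labels made of letters, digits and hyphens only), run against the names that failed in this thread. This is an added example, not code from the letsencrypt client or from the CA; the function names are hypothetical, the 63 and 253 character limits come from the DNS specifications rather than from this thread, and the IP address check is an assumption added because of the "Issuance for IP addresses not supported" error mentioned earlier.

```python
import ipaddress
import string

# Letters, digits, hyphen: the "LDH" alphabet of RFC 1034 section 3.5.
LDH = set(string.ascii_letters + string.digits + "-")


def check_dns_name(name):
    """Return a list of problems; an empty list means the name passes."""
    try:
        ipaddress.ip_address(name)
        return ["IP address, not a DNS name"]
    except ValueError:
        pass

    if name.endswith("."):          # tolerate one trailing root dot
        name = name[:-1]
    problems = []
    if not 1 <= len(name) <= 253:
        problems.append("name must be 1-253 characters")
    for label in name.split("."):
        if not 1 <= len(label) <= 63:
            problems.append("label %r must be 1-63 characters" % label)
            continue
        bad = sorted(set(label) - LDH)
        if bad:
            problems.append("label %r has invalid character(s): %s"
                            % (label, " ".join(bad)))
        # RFC 1123 section 2.1 lets a label start with a digit,
        # but a hyphen is still not allowed at either end.
        if label[0] == "-" or label[-1] == "-":
            problems.append("label %r starts or ends with a hyphen" % label)
    return problems


def preflight(names):
    """Map each requested name to its list of problems."""
    return {n: check_dns_name(n) for n in names}


# Names quoted in the thread, plus three constructed ones (marked).
SAMPLE = [
    "*.bedstevenner.org",      # wildcard, from the first log
    "-games.ducsuus.com",      # label starting with a hyphen
    "tim@aethercs.com",        # e-mail address entered as a domain
    "my_site.example.com",     # constructed: underscore in a label
    "192.0.2.10",              # constructed: IP address
    "www.example.com",         # constructed: valid name
]

if __name__ == "__main__":
    for name, problems in preflight(SAMPLE).items():
        print("%-22s %s" % (name, "; ".join(problems) or "ok"))
```

Running a check like this before invoking the client catches each of the inputs in this thread locally, without spending a request against the CA.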

Thank you for the explanation and references.