Is .farm a supported TLD?

Nyasha · May 24, 2020, 11:32pm

My domain is: rera.farm

I am trying to obtain a certificate but getting the following error:

“An unexpected error occurred:
Error creating new order :: Cannot issue for “*.domain”: Domain name does not end with a valid public suffix (TLD)”

I am using Certbot for the process. Is .farm a currently supported TLD. If it is how can i possibly go about resolving the error message i am getting?

_az · May 24, 2020, 11:39pm

Let's Encrypt has issued plenty of certificates for .farm TLDs.

If you are getting that error, it's because of something else, like errant characters or typos in the domain name being provided to the Let's Encrypt client.

Does it literally say *.domain in the error message? Or did it say something else?

JuergenAuer · May 24, 2020, 11:45pm

Hi @Nyasha

your domain is online and it's possible to connect your domain - https://check-your-website.server-daten.de/?q=rera.farm

So farm is a public suffix. If it wouldn't be a public suffix, it would be impossible to connect your domain.

PS:

There is a bitnami self signed certificate:

CN=www.example.com, OU=Certificate generated at boot time, O=Bitnami
	07.05.2020
	05.05.2030
expires in 3632 days

So use the bitnami client / script.

And you have a redirect domainname -> ip address.

Domainname	Http-Status	redirect	Sec.	G
• http://rera.farm/ 18.132.132.95	302	http://18.132.132.95	0.076	D

• http://18.132.132.95	302	http://18.132.132.95/auth	0.077	D

• http://18.132.132.95/auth GZip used - 4084 / 21819 - 81,28 %	200	Html is minified: 143,26 %	0.096	H

• https://rera.farm/ 18.132.132.95	302	http://18.132.132.95	2.420	N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

That's always wrong, never redirect to ip addresses.

/.well-known/acme-challenge/random-filename isn't redirected, so there is an exception.

rg305 · May 24, 2020, 11:45pm

Can you show the complete command you used?

Nyasha · May 25, 2020, 1:28am

Here are the commands i am running in their sequence followed by the output:

bitnami@ip-:~ DOMAIN=rera.farm bitnami@ip-*********:~ WILDCARD=.DOMAIN
bitnami@ip-:~$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
An unexpected error occurred:Error creating new order :: Cannot issue for ".domain": Domain name does not end with a valid public suffix (TLD)
Please see the logfiles in /var/log/letsencrypt for more details.

rg305 · May 25, 2020, 1:32am

It needs a real domain there.

If WILDCARD is trying to reference the variable DOMAIN it seems to be failing to do so.
Something more like this might work:
WILDCARD='*.'$DOMAIN

rg305 · May 25, 2020, 1:42am

Try:

DOMAIN=rera.farm
WILDCARD="*."$DOMAIN
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

OR

sudo certbot -d rera.farm -d "*.rera.farm" --manual --preferred-challenges dns certonly

system · June 24, 2020, 1:42am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.