Is .farm a supported TLD?

My domain is:

I am trying to obtain a certificate but getting the following error:

“An unexpected error occurred:
Error creating new order :: Cannot issue for “*.domain”: Domain name does not end with a valid public suffix (TLD)”

I am using Certbot for the process. Is .farm a currently supported TLD? If it is, how can I possibly go about resolving the error message I am getting?


Let’s Encrypt has issued plenty of certificates for .farm TLDs.

If you are getting that error, it’s because of something else, like errant characters or typos in the domain name being provided to the Let’s Encrypt client.

Does it literally say *.domain in the error message? Or did it say something else?


Hi @Nyasha

Your domain is online and it’s possible to connect to your domain -

So farm is a public suffix. If it weren’t a public suffix, it would be impossible to connect to your domain.


There is a bitnami self signed certificate:, OU=Certificate generated at boot time, O=Bitnami
expires in 3632 days	

So use the bitnami client / script.

And you have a redirect domainname -> ip address.

Domainname Http-Status redirect Sec. G
302 0.076 D
302 0.077 D
GZip used - 4084 / 21819 - 81,28 % 200 Html is minified: 143,26 % 0.096 H
302 2.420 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

That’s always wrong; never redirect to IP addresses.

/.well-known/acme-challenge/random-filename isn’t redirected, so there is an exception.


Can you show the complete command you used?


Here are the commands I am running, in sequence, followed by the output:

bitnami@ip-:~ bitnami@ip-*********:~ WILDCARD=.DOMAIN
:~$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1):
Obtaining a new certificate
An unexpected error occurred:Error creating new order :: Cannot issue for "
.domain": Domain name does not end with a valid public suffix (TLD)
Please see the logfiles in /var/log/letsencrypt for more details.


It needs a real domain there.

If WILDCARD is trying to reference the variable DOMAIN it seems to be failing to do so.
Something more like this might work:


sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly


sudo certbot -d -d "*" --manual --preferred-challenges dns certonly
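
A pre-flight check for the failure discussed in this thread, added here as an example and not part of the original replies: it builds the wildcard name from the base domain and refuses names that still contain unexpanded variable text before anything reaches the CA. `example.farm`, `valid_name` and `build_certbot_cmd` are constructed placeholders, and the literal `*.DOMAIN` value is an assumption about how the variable was set.

```shell
#!/bin/sh
# Added example: validate the names before handing them to certbot.
# example.farm is a constructed placeholder, not the poster's domain.

# Succeeds only if $1 looks like a DNS name (optionally "*."-prefixed)
# with at least two labels and no leftover shell syntax.
valid_name() {
    name=${1#\*.}                          # drop one leading "*." if present
    case $name in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;   # empty, or stray "$", "*", quotes
        .*|*.|*..*)          return 1 ;;   # empty label somewhere
        *.*)                 return 0 ;;   # label plus a suffix
        *)                   return 1 ;;   # single label such as "DOMAIN"
    esac
}

# Prints the certbot command for a base domain plus its wildcard.
# Returns 1 without printing the command if either name is malformed.
build_certbot_cmd() {
    domain=$1
    wildcard="*.$domain"   # quoted: "$domain" expands, "*" is never globbed
    for n in "$domain" "$wildcard"; do
        valid_name "$n" || { echo "refusing to request: '$n'" >&2; return 1; }
    done
    printf 'certbot -d %s -d "%s" --manual --preferred-challenges dns certonly\n' \
        "$domain" "$wildcard"
}

# Assumed reproduction: the "$" is missing, so the value is literal text
# and the CA would see a name ending in ".domain".
WILDCARD='*.DOMAIN'
valid_name "$WILDCARD" || echo "rejected locally: $WILDCARD"

# Correct form: print the command that would be run for the placeholder.
build_certbot_cmd example.farm
```

Keeping `-d "$WILDCARD"` quoted on the real command line matters as well, since an unquoted `*` is subject to filename expansion in the current directory.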
