Is LetsEncrypt compatible with all TLDs?

I use LetsEncrypt for all my domains, so I am very familiar with it. However, I have always used it with very common TLDs, org, com, net, etc. Do "new" TLDs, like .rocks, work with LetsEncrypt?

2 Likes

I believe so, I've been able to use it with every TLD that I have tried:

.cc
.com
.icu
.net
.org
.ovh
.pw
.tk
.top
.us
.work
.xyz

And we see all kinds of TLDs come through here.

[Unless the TLD is explicitly listed on some government block list - you should be fine]

2 Likes

Hi @dr00bie

rocks isn't new, see

https://publicsuffix.org/list/public_suffix_list.dat

// rocks : 2013-11-14 Dog Beach, LLC
rocks

So if a TLD is listet on the Public Suffix List, you should be able to create a certificate.

Or use the IANA list:

https://www.iana.org/domains/root/db

spa is the newest TLD - .spa Domain Delegation Data

Or use online tools like https://letsdebug.net/ (from @_az) or https://check-your-website.server-daten.de/ (own tool), there are domain name checks included.

In some cases it's possible that a domain is listed (PSL or IANA), but Letsencrypt doesn't have the newest version. But that's rare.

2 Likes

Thanks for the reply. I hadn't used it before, so I guess I should've said "new to me". I really appreciate the further documentation and information to review on this question.

3 Likes

Thanks for your reply! I was thinking it would, but having only used the most common TLD's, I didn't want my friend to buy a new domain that might not be compatible.

3 Likes

I think in the past, the cross-signed intermediate had a resitriction for the .mil TLD. And I believe there are some restrictions to some TLDs like .ir due to some kind of block list from the USA goverment. But in principle, any TLD should work.

I myself, being a M.D. have a website with the .md TLD and for which I have a LE cert of course :grin:

4 Likes

There’s not a restriction for the entire TLD.

4 Likes

Sorry, I didn't mean the entire TLD, but to some domains of that TLD, more as an example, as the US gvrmt blocklist includes domains from other TLDs too (but not 100 % sure).

3 Likes

Tough crowd.

:sweat_smile:

2 Likes

It's the

https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx

list: TXT:

https://www.treasury.gov/ofac/downloads/sdnlist.txt

Checked my local version (used in "check-your-website"):

TLD num_Entries
.com 220
.ir 123
.ru 58
.net 20
.mx 11
.org 6
.ua 6
.co 5
.sy 5
.de 5
.ni 4
.my 3
.lb 3
.fi 3
.uk 3
.su 2
.cn 2
.ae 2
.ph 2
.ps 2
.rs 1
.tr 1
.tv 1
.tw 1
.ly 1
.ir/ferro_gilan 1
.af 1
.am 1
.ar 1
.bh 1
.biz 1
.by 1
.com/about/fa 1
.com/porticellomalta 1
.com/zkgrandtown 1
.cy 1
.ac/ir 1
.edu/jalili 1
.fr 1
.hr 1
.info 1
.su/about 1
.ua/en/contacts 1
.ve 1
.vn 1
.za 1
4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.