Hello,
The Public Suffix List update for the .kh ccTLD was recently merged:
main ← pichponleurpen:pichponleurpen-patch-1
opened 03:40AM - 14 Jan 26 UTC
Removes the wildcard rule for .kh and explicitly lists Cambodia public suffixes
…
in accordance with the official registry policy published at:
https://www.trc.gov.kh/laws-regulations/subDecree/Sub-Decree%20on%20the%20Management%20and%20Use%20of%20National%20Domain%20Names%20on%20the%20Internet%20Royal%20Government.pdf
https://domain.gov.kh/required-documents
https://domain.gov.kh/static/media/Guideline-DNS.8f09c480e5a6fe54936b.pdf
# Public Suffix List (PSL) Submission
### Checklist of required steps
* [x] Description of Organization
* [x] Robust Reason for PSL Inclusion
* [x] DNS verification via dig
* [x] Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the `_psl` TXT record in place in the respective zone(s).
__Submitter affirms the following:__
* [x] We are listing *any* third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see [Issue #1245](https://github.com/publicsuffix/list/issues/1245) as a well-documented example)
- [Cloudflare](https://developers.cloudflare.com/learning-paths/get-started/add-domain-to-cf/add-site/)
- [Let's Encrypt](https://letsencrypt.org/docs/rate-limits/)
- MAKE SURE UPDATE THE FOLLOWING LIST WITH YOUR LIMITATIONS! REMOVE ENTRIES WHICH DO NOT APPLY AS WELL AS REMOVING THIS LINE!
* [x] This request was _not_ submitted with the objective of working around other third-party limits.
* [x] The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
* [x] The [Guidelines](https://github.com/publicsuffix/list/wiki/Guidelines) were carefully _read_ and _understood_, and this request conforms to them.
* [x] The submission follows the [guidelines](https://github.com/publicsuffix/list/wiki/Format) on formatting and sorting.
* [x] A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.
**Abuse Contact:**
* [x] Abuse contact information (email or web form) is available and easily accessible.
URL where abuse contact or abuse reporting form can be found:
https://domain.gov.kh/about
---
For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.
To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.
PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.
(Link: [about propagation/expectations](https://github.com/publicsuffix/list/wiki/Guidelines#appropriate-expectations-on-derivative-propagation-use-or-inclusion))
* [x] *Yes, I understand*. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. *Proceed anyways*.
---
## Description of Organization
The Telecommunication Regulator of Cambodia (TRC) is the national authority responsible for regulation and oversight of the telecommunications and internet sector in Cambodia. TRC operates and supervises Cambodia’s country-code top-level domain (.kh) through the national registry (KHNIC), including policy, delegation, and DNS management.
The submitter represents TRC/KHNIC in a technical and policy capacity and is authorized to submit this change on behalf of the registry to reflect current operational policy.
**Organization Website:**
https://trc.gov.kh/
https://domain.gov.kh/
## Reason for PSL Inclusion
Cambodia allows public domain registrations directly under the .kh ccTLD as well as under structured second-level domains such as .com.kh, .edu.kh, and .gov.kh, as documented in the official registry policy.
The previous wildcard rule (*.kh) caused browsers and certificate authorities to treat all second-level domains under .kh as public suffixes, preventing valid registrations such as example.kh from functioning correctly for HTTPS, cookies, and related security mechanisms.
This change aligns the Public Suffix List with actual registry policy and operational reality, enabling correct domain handling.
**Number of users this request is being made to serve:**
Nationwide (all current and future .kh domain registrants).
## DNS Verification
The registry will publish the required DNS verification record and keep it in place
for the duration of the listing.
This change allows direct second-level registrations (example.kh).
However, Let's Encrypt currently returns the following error when attempting issuance:
"Invalid identifiers requested :: Cannot issue for 'example.kh': Domain name is an ICANN TLD"
This suggests the PSL snapshot used by Let's Encrypt may not yet include the updated rule.
Could you advise when the updated PSL will be imported into the ACME validation system?
Thank you.
Pichponleur Pen
1 Like
Hi there. We consume the Public Suffix List via weppos/publicsuffix-go, and all changes go through our own review cycle, so there is often a delay before our systems reflect PSL updates. We'll be working on this; it will likely be updated within the next two weeks but we cannot guarantee a specific timeframe.
9 Likes
Hi @JamesLE ,
Thank you very much for the update and for explaining the Let's Encrypt review cycle. We appreciate the team's help in getting this rolled out over the next couple of weeks so local domains can properly provision certificates.
This answers our questions on the Let's Encrypt side, so we are all set here. Thanks again for your time!
4 Likes
system
April 15, 2026, 3:41am
4
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.