Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: sudo certbot -d $WILDCARD --manual --preferred-challenges dns certonly
It produced this output: Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
An unexpected error occurred:
Error creating new order :: Cannot issue for “*.domain”: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version): Amazon Lightsail
The operating system my web server runs on is (include version): Ubuntu 16.04.6
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes using web based SSH
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Certbot can't autorenew certificates that require DNS challenges unless you give it a way to create DNS TXT records in your zone without human intervention (because the DNS TXT record will be different for each renewal—just maintaining the original TXT record is of no benefit). You may be able to do this, depending on how your DNS is hosted and whether it can be updated from software.
Yes, that's right. The idea is that the exact URL that was mentioned here has to exist on your site, and it has to have the exact text content that was indicated. So if you're doing that yourself, you might arrange to do that by uploading a text file to your site with that content, under that location.
But for wildcard certificates the validation method will require creating DNS records rather than creating files on your server.
More information about these methods of proving your control of domain names is at
When I go to set up a DNS record under Lightsail, it doesn’t allow me to point the TXT to the specific location; it just lets me add a prefix to my domain. Sorry, super new to this.
Are you confusing the TXT record (DNS-01 challenge) with the file upload (HTTP-01 challenge)? Did you get a message with a specific TXT record that you have to create?
I am using WordPress and Lightsail. I don’t have a cPanel, and I don’t know how to upload the TXT file. It asked me to create a DNS record, which I did, and I checked on MxToolbox and it says that one is okay. I just don’t know what to do with the above response.
That’s what the tutorial was saying, but it didn’t give me the second TXT entry; it just told me to make the TXT file. How do I start the command again for the 2nd TXT entry?
No, I think Lightsail is pretty limited. I don’t know if there is an integrated transfer system set up to push Lightsail into AWS and Route 53; currently the domains are registered with GoDaddy, but all the DNS & networking is set up in Lightsail.
I was just following the Lightsail tutorial on how to set up Let’s Encrypt, and that’s what it was telling me.