Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: sudo certbot -d $WILDCARD --manual --preferred-challenges dns certonly
It produced this output: Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
An unexpected error occurred:
Error creating new order :: Cannot issue for “*.domain”: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version): Amazon Lightsail
The operating system my web server runs on is (include version): Ubuntu 16.04.6
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes using web based SSH
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Certbot can't autorenew certificates that require DNS challenges unless you give it a way to create DNS TXT records in your zone without human intervention (because the DNS TXT record will be different for each renewal—just maintaining the original TXT record is of no benefit). You may be able to do this, depending on how your DNS is hosted and whether it can be updated from software.
Yes, that's right. The idea is that the exact URL that was mentioned here has to exist on your site, and it has to have the exact text content that was indicated. So if you're doing that yourself, you might arrange to do that by uploading a text file to your site with that content, under that location.
But for wildcard certificates the validation method will require creating DNS records rather than creating files on your server.
More information about these methods of proving your control of domain names is at
I am using WordPress and Lightsail, I don’t have a cPanel, and I don’t know how to upload the txt file. It asked me to create a DNS record, which I did, and I checked on MxToolbox and it says that one is okay. I just don’t know what to do with the above response.
No, I think Lightsail is pretty limited. I don’t know if there is an integrated transfer system set up to push Lightsail into AWS and Route 53. Currently the domains are registered with GoDaddy, but all the DNS & networking is set up in Lightsail.
I was just following the Lightsail tutorial on how to set up Let’s Encrypt and that’s what it was telling me.