Not able to get certificates for .technology TLD

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: offgrid.technology

I ran this command:
Used Acme Plugin for PFSense

It produced this output:
MGMT_Cert_COLOFW1
Renewing certificate
account: Offgrid
server: letsencrypt-staging-2

/usr/local/pkg/acme/acme.sh --issue --domain 'colofw1.offgrid.technlogy' --webroot pfSenseacme --home '/tmp/acme/MGMT_Cert_COLOFW1/' --accountconf '/tmp/acme/MGMT_Cert_COLOFW1/accountconf.conf' --force --always-force-new-domain-key --reloadCmd '/tmp/acme/MGMT_Cert_COLOFW1/reloadcmd.sh' --log-level 3 --log '/tmp/acme/MGMT_Cert_COLOFW1/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[folder] =>
)
[Fri Mar 22 03:52:20 +05 2024] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Fri Mar 22 03:52:20 +05 2024] Using pre generated key: /tmp/acme/MGMT_Cert_COLOFW1/colofw1.offgrid.technlogy/colofw1.offgrid.technlogy.key.next
[Fri Mar 22 03:52:20 +05 2024] Generate next pre-generate key.
[Fri Mar 22 03:52:21 +05 2024] Single domain='colofw1.offgrid.technlogy'
[Fri Mar 22 03:52:21 +05 2024] Getting domain auth token for each domain
[Fri Mar 22 03:52:22 +05 2024] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rejectedIdentifier",
"detail": "Error creating new order :: Cannot issue for "colofw1.offgrid.technlogy": Domain name does not end with a valid public suffix (TLD)",
"status": 400
}
[Fri Mar 22 03:52:22 +05 2024] Please check log file for more details: /tmp/acme/MGMT_Cert_COLOFW1/acme_issuecert.log

My web server is (include version):
PfSense 2.7.2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
Dedicated Server in a Colo

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
PfSense

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

TLD List:
https://www.iana.org/domains/root/db
https://www.iana.org/domains/root/db/technology.html

Hello @N1ghtS7alker, welcome to the Let's Encrypt community.

Using the online tool Let's Debug yields these results: https://letsdebug.net/offgrid.technology/1843963

CloudflareCDN
WARNING
The domain offgrid.technology is being served through Cloudflare CDN. Any Let's Encrypt certificate installed on the origin server will only encrypt traffic between the server and Cloudflare. It is strongly recommended that the SSL option 'Full SSL (strict)' be enabled.
https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-

Likely your Cloudflare CDN does not have the SSL option 'Full SSL (strict)' enabled.

2 Likes

You have a typo. technlogy instead of technology

9 Likes
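A pre-flight check for the failure diagnosed above, added here as an example and not part of the original thread or of acme.sh: it pulls the rejected name out of the `rejectedIdentifier` error and compares its last label against a TLD list in the format of the IANA list the question links to. The function names are hypothetical, the embedded TLD list is a constructed excerpt, and the check does not reproduce Let's Encrypt's own validation.

```python
import difflib
import re

# Constructed excerpt in the format of IANA's tlds-alpha-by-domain.txt
# (comment header, one upper-case TLD per line); a real check loads the full file.
IANA_TLDS_EXCERPT = """\
# constructed excerpt, not the full IANA list
COM
ORG
TECH
TECHNOLOGY
"""

# Excerpt of the acme.sh output quoted in the question above.
SAMPLE_LOG = '''\
[Fri Mar 22 03:52:22 +05 2024] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rejectedIdentifier",
"detail": "Error creating new order :: Cannot issue for "colofw1.offgrid.technlogy": Domain name does not end with a valid public suffix (TLD)",
'''

def load_tlds(text):
    """Return the set of lower-case TLDs, skipping comments and blank lines."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")}

def check_tld(domain, tlds):
    """Return (is_valid, suggestions) for the right-most label of domain."""
    label = domain.rstrip(".").rsplit(".", 1)[-1].lower()
    if label in tlds:
        return True, []
    return False, difflib.get_close_matches(label, sorted(tlds), n=3, cutoff=0.8)

def rejected_names(log_text):
    """Extract names from 'Cannot issue for "<name>"' in rejectedIdentifier errors."""
    if "rejectedIdentifier" not in log_text:
        return []
    return re.findall(r'Cannot issue for "([^"]+)"', log_text)

def diagnose(log_text, tlds):
    """Map each rejected name to a corrected candidate, or None if no close TLD."""
    result = {}
    for name in rejected_names(log_text):
        ok, close = check_tld(name, tlds)
        stem = name.rstrip(".").rsplit(".", 1)[0]
        result[name] = None if ok or not close else f"{stem}.{close[0]}"
    return result
```

Running `check_tld` on each configured name before the ACME client is invoked catches this class of typo without spending a request against the CA.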

My god that was it, I was kicking myself. Thank you for the sanity check!

8 Likes
