Question: Problem with issuing SSL certificate under .ye domain

Hello,

I have problem with let’s encrypt for SSL certificate under .ye domain.

For example: if there is domain name called: hasti.ye , and I want to add the SSL to this domain

I will get error.

However, if I have such these domain names: hasti.com.ye or hasti.net.ye ; the SSL works fine.

How can I solve this problem?

Thanks in advance.

Regards

1 Like

I think this might be a bug in the Public Suffix List???

I see *.ye in the list, whereas I think the entry is supposed to just be ye. So it looks like everything under .ye, like com.ye, net.ye, and your hasti.ye is considered to be a top-level ICANN TLD?

Maybe .ye recently opened up second-level registrations and used to only have third-level available? That's a wild guess, though.

3 Likes

@petercooperjr

Thank you so much for your help.
May you advice me who should I contact to solve such this problem?

Regards,

1 Like

Hello @fatimahussein,

Seems the only ones who can solve this are TeleYemen. Two persons already raised two PRs to include ye ccTLD (Country Code Top Level Domain) in the public suffix list but there was no luck getting a response from TeleYemen to authorize the inclusion, maybe you would have more luck.

Take a look to these PRs trying to add ye ccTLD to PSL:

https://github.com/publicsuffix/list/pull/845
https://github.com/publicsuffix/list/pull/897

Cheers,
sahsanu

3 Likes

@sahsanu

Thank you so much, I will contact them. :slight_smile:

4 Likes

Hi @fatimahussein

that's expected. The Public Suffix List has

// ye : http://www.y.net.ye/services/domain_name.htm
*.ye

But there is no exclusion with your domain name. See

// ck : https://en.wikipedia.org/wiki/.ck
*.ck
!www.ck

See that domain http://www.ck/ - looks very, very old.

The ! means: Normally, www.ck would be a top level domain (and not a domain, so you can't create a certificate). But ! excludes www.ck, so this domain name is a domain, not a top level domain.

Perhaps it's possible to create such an entry

!hasti.ye

Because of that missing definition, Letsencrypt can't create a certificate. Only something like www.hasti.ye would be possible (but that's not what you want).

3 Likes

@JuergenAuer

Thanks a lot for your explanation. :slight_smile:

2 Likes