Question related to DNS SRV entry request

#1

Hi Friends,
I would only like a clarification, if possible, concerning what to include in the DNS letsencrypt request.
Should SRV entries be included in the certbot request?

For example, I have Prosody (XMPP) running and one of these entries is:

_xmpp-client._tcp.3x1t.org

Should I request to add it to my own cumulative certificate?

Many thanks!

Davide

#2

Hi,

I think an old Stack Overflow thread might be able to resolve your question:

Thank you

2 Likes

#3

Also, I’m pretty sure you can’t get a certificate for a name that contains an underscore.

#4

Just verified this against staging env using _underscore.example.com because it actually surprised me.

Error creating new order :: Invalid character in DNS name

Now I’m curious why the limitation exists. Underscores are valid DNS characters, right? Is this a CAB enforced limitation?

#5

Yikes, now I’m even more confused. Sometimes it’s a wonder any of this Internet stuff works at all.

#6

It does appear to be a CAB enforced limitation:

I don’t know the exact reasoning behind it.

#7

Are underscores allowed in domain and host names?
See
https://www.rfc-editor.org/rfc/rfc952.txt
Underscores at the beginning of a DNS record have recently been standardized for services:
http://www.rfc-editor.org/rfc/rfc8552.txt
But certificates are not used for services, as explained in the Stack Overflow thread.
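
As an added example that is not part of the thread or any poster's code: a Python syntax check, based on the letters-digits-hyphen hostname rule from RFC 952 (as relaxed by RFC 1123 to allow a leading digit), that separates names suitable for a certbot request from underscore-prefixed service names like the SRV owner name in post #1. The function names and the sample list are assumptions for illustration, and this is a syntax check only, not the CA's full policy.

```python
import re

# One hostname label under the letters-digits-hyphen rule (RFC 952, with the
# RFC 1123 relaxation allowing a leading digit): 1-63 chars, no edge hyphen.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_name(name):
    """Return (usable_in_cert_request, reason) for a candidate DNS name."""
    name = name.rstrip(".")  # tolerate a trailing root dot
    if not name or len(name) > 253:
        return False, "empty or longer than 253 characters"
    for label in name.split("."):
        if label.startswith("_"):
            return False, "service-style label %r (RFC 8552 underscore naming)" % label
        if "_" in label:
            return False, "underscore inside label %r" % label
        if not LDH_LABEL.fullmatch(label):
            return False, "label %r is not letters-digits-hyphen" % label
    return True, "valid hostname syntax"


def split_candidates(names):
    """Split names into those to request and those to leave out, with reasons."""
    request, skipped = [], {}
    for n in names:
        ok, reason = classify_name(n)
        if ok:
            request.append(n)
        else:
            skipped[n] = reason
    return request, skipped


# Constructed sample: the first three come from names in the thread,
# the last two are made-up test cases.
SAMPLE = [
    "3x1t.org",
    "_xmpp-client._tcp.3x1t.org",
    "_underscore.example.com",
    "bad_host.example.com",
    "-edge.example.com",
]

if __name__ == "__main__":
    request, skipped = split_candidates(SAMPLE)
    print("request:", request)
    for n, why in skipped.items():
        print("skip:", n, "->", why)
```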