Hi Friends,
I would like only clarification if possible, related to concerning what to include in the DNS letsencrypt request.
Do SRV entry come in be included in the certbot request?
For example I’ve Prosody (XMPP) operative and one of this entry is:
_xmpp-client._tcp.3x1t.org
Should I request to add it into the my own cumulative certificate?
Many thanks!
Davide
Hi,
I think a old stack overflow thread might be able to resolve your question:
ssl, slapd, srv-record
Thank you
2 Likes
Also, I’m pretty sure you can’t get a certificate for a name that contains an underscore.
Just verified this against staging env using _underscore.example.com
because it actually surprised me.
Error creating new order :: Invalid character in DNS name
Now I'm curious why the limitation exists. Underscores are valid DNS characters, right? Is this a CAB enforced limitation?
Yikes, now I’m even more confused. Sometimes it’s a wonder any of this Internet stuff works at all.
It does appear to be a CAB enforced limitation:
The voting period for Ballot SC12 has ended and the Ballot has Passed. Here are the results: Voting by Certificate Issuers – 23 votes total including abstentions 20 Yes votes: Actalis, Amazon, Buypass, Camerfirma, Certum (Asseco), Sectigo...
I don’t know the exact reasoning behind it.
Are underscores allowed in domain and host names ?
see
https://www.rfc-editor.org/rfc/rfc952.txt
underscores at the beginning of a DNS record have been recently standardized for services
http://www.rfc-editor.org/rfc/rfc8552.txt
but certificates are not used for services as explained in the stackoverflow thread.
system
Closed
June 17, 2019, 9:14am
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.