Requested domain is not a FQDN


#1

Hello and a Happy New Year!

I have a domain I want to obtain a cert for that contains an underscore. Therefore the letsencrypt-auto returns the following error: “Requested domain is not a FQDN”.
I’ve searched through the code for the error message and it turned out that the regex that is used to validate a domain name is lacking the underscore as a valid char. According to http://www.ietf.org/rfc/rfc2181.txt Section 11 there is only a length limit on domains — so a domain containing an “_” should be perfectly fine as a FQDN.

Is there a way to circumvent the validation?

Thanks and have a good start into the new year 2016!


#2

Happy New Year :slight_smile:

Not my area of expertise, but I think in RFC 1123, the only characters that can be used in DNS labels are “A” to “Z”, “a” to “z”, “0” to “9”, and the hyphen ("-"). The period [.] is also used in DNS names, but only between DNS labels. So I don’t think a domain name with an underscore “_” does strictly follow the rules.

If the check is done in the client, you may be able to use one of the alternate clients.


#3

Yes and no.
FQDNs allow underscores, but this is not valid for an A record.
And since TLS validates host entries, we are talking about A (AAAA) records only.
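
The distinction the posts above draw, as an added example that is not part of the thread and is not the letsencrypt client's own validation code: a name can satisfy the RFC 2181 length limits and still fail the letters-digits-hyphen host name rule cited in post #2. The function names, the two-label requirement and the sample names are assumptions made for this illustration.

```python
import re

# Host name label as described in post #2: letters, digits, hyphen only.
# No leading or trailing hyphen, 1 to 63 characters.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def split_labels(name):
    """Split a dotted name into labels, dropping one optional trailing root dot."""
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []

def is_rfc2181_name(name):
    """RFC 2181 section 11: only length limits (label 1-63 octets, name <= 255)."""
    labels = split_labels(name)
    if not labels:
        return False
    encoded = [label.encode("utf-8") for label in labels]
    if any(not 1 <= len(label) <= 63 for label in encoded):
        return False
    # Wire length: one length octet per label plus the terminating root octet.
    return sum(len(label) + 1 for label in encoded) + 1 <= 255

def is_ldh_hostname(name):
    """Stricter host name check: every label must be letters, digits or hyphen."""
    labels = split_labels(name)
    # Assumption for this example: a fully qualified host name has >= 2 labels.
    return (len(labels) >= 2 and is_rfc2181_name(name)
            and all(LDH_LABEL.fullmatch(label) for label in labels))

def classify(name):
    """Return 'hostname', 'dns-name-only' or 'invalid' for a dotted name."""
    if is_ldh_hostname(name):
        return "hostname"
    if is_rfc2181_name(name):
        return "dns-name-only"
    return "invalid"

# Constructed sample names, not taken from the thread.
SAMPLES = ["www.example.com", "my_host.example.com", "_dmarc.example.com",
           "-bad.example.com", "a" * 64 + ".example.com", "example.com."]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample[:40]:40} {classify(sample)}")
```

Names classified as `dns-name-only` are legal DNS owner names (the kind used for service or policy records) but would be rejected by a validator that enforces the host name rule, which is the behaviour reported in post #1.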