Requested domain is not a FQDN

mmaedler · January 2, 2016, 12:19pm

Hello and a Happy New Year!

I have a domain I want to obtain a cert for that contains an underscore. Therefore the letsencrypt-auto returns the following error: “Requested domain is not a FQDN”.
I’ve searched through the code for the error message and it turned out that the regex that is used to validate a Domain name is lacking the underscore as valid char. According to http://www.ietf.org/rfc/rfc2181.txt Section 11 there is only a length limit on domains — so a Domain containing an “_” should a perfectly fine as a FQDN.

Is there a way to circumvent the validation?

Thanks and have a good start into the new year 2016!

serverco · January 2, 2016, 12:34pm

Happy New Year

Not my area of expertise, but I think in RFC 1123, the only characters that can be used in DNS labels are “A” to “Z”, “a” to “z”, “0” to “9”, and the hyphen ("-"). The period [.] is also used in DNS names, but only between DNS labels. So I don’t think a domain name with an underscore “_” does strictly follow the rules.

If the check is done in the client, you may be able to use one of the alternate clients.

tlussnig · January 2, 2016, 12:47pm

Yes and no.
FQDN allow underscore but this is not valid vor A Record.
And since TLS validate Host entries we are talking about A (AAAA) Record only.

Topic		Replies	Views
Request certificate with underscore character Help	3	787	August 3, 2023
Domain validation with DNS Help	2	2005	March 10, 2018
Underscore ("_") as a valid domain name? Server	6	17991	May 21, 2017
Question related to DNS SRV entry request Help	7	1393	June 17, 2019
Requested domain is not a FQDN because it contains an empty label Help	12	21511	April 8, 2017

Requested domain is not a FQDN

Related topics