Requesting certificate doesn't work

When I try to create a certificate, it shows the error below:

"An unexpected error occurred:
The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "appp002.X.YY.local": Domain name does not end with a valid public suffix (TLD)"

I have a domain entry and SSL works for it, and it expires 15.07.2021. But I can't renew it.

I'm very much doubting you've managed to get a certificate for the .local top level domain ever with Let's Encrypt. That's just not possible.

4 Likes

I'm not sure how my previous post could have been any more clear than it is now, but in any case:

There has not been any certificate issued for that domain by Let's Encrypt, nor by any other Certificate Authority since Certificate Transparency logs were mandated:

https://crt.sh/?q=naztech.local&deduplicate=y

If any CA did, it would have been a violation of the CA/Browser Forum Baseline Requirements.

4 Likes

The .local TLD is specially assigned for multicast DNS. You might have your systems using multicast DNS within your network, or you might have configured your local DNS server to resolve names for it (which can sometimes work but sometimes devices will try multicast DNS for it regardless). But in any event, that TLD isn't public on the Internet, and names within it can only work within your network.

Public CAs (like Let's Encrypt) can only issue certificates for public domain names. You either want to use a public domain name instead (which you can do even if the computers aren't accessible on the Internet as long as a DNS server for the name is public and can handle DNS-01 challenges), or you want to set up your own private CA that's only trusted within your network.

4 Likes
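A pre-flight check for the restriction described in the reply above, as an added example that is not part of the original thread: it sorts requested names into those a public CA could validate and those it will refuse, with the reason. The function names and the small `SAMPLE_PUBLIC_TLDS` set are assumptions made for illustration; a real check would load the full IANA TLD list instead.

```python
# Special-use suffixes that do not exist in public DNS.
SPECIAL_USE = {
    "local": "reserved for multicast DNS (RFC 6762)",
    "localhost": "reserved as the loopback name (RFC 6761)",
    "test": "reserved for testing (RFC 6761)",
    "invalid": "reserved as always-invalid (RFC 6761)",
    "example": "reserved for documentation (RFC 6761)",
    "home.arpa": "reserved for home networks (RFC 8375)",
    "internal": "reserved for private use",
}

# Constructed subset of public TLDs, for the example only.
SAMPLE_PUBLIC_TLDS = {"com", "net", "org", "io", "de"}


def check_identifier(name, public_tlds=SAMPLE_PUBLIC_TLDS):
    """Return (ok, reason) for one requested certificate identifier."""
    host = name.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]  # a wildcard is judged by its base name
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        return False, "not a fully qualified name"
    for n in (2, 1):  # two-label suffixes such as home.arpa first
        suffix = ".".join(labels[-n:])
        if suffix in SPECIAL_USE:
            return False, f".{suffix} is {SPECIAL_USE[suffix]}"
    if labels[-1] not in public_tlds:
        return False, f".{labels[-1]} is not a public TLD"
    return True, "eligible for a public CA"


def preflight(names, public_tlds=SAMPLE_PUBLIC_TLDS):
    """Split names into eligible ones and (name, reason) rejections."""
    eligible, rejected = [], []
    for name in names:
        ok, reason = check_identifier(name, public_tlds)
        if ok:
            eligible.append(name)
        else:
            rejected.append((name, reason))
    return eligible, rejected


if __name__ == "__main__":
    # The name from the error message above, next to constructed samples.
    for item in preflight(["appp002.X.YY.local", "app.example.org", "intranet"])[1]:
        print(item)
```

Names that land in the rejected list are candidates for a private CA, or for renaming under a public domain validated with DNS-01, as the reply describes.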

Please show us the previously working and now expired public cert.

2 Likes
