Stage at which new TLD is supported


#1

As the registry for a new TLD (.eco), I’m interested in using a LetsEncrypt certificate for our NIC site. The request fails due to “Name does not end in a public suffix”, so I assume that the TLD is not supported yet. I read on the forum that LetsEncrypt supports all TLDs in the IANA Root Zone (http://www.iana.org/domains/root/db) which does include .eco. At what point will the new TLD be supported? It looks like DigiCert is validates the name and is prepared to sell me a cert.


#2

You may need for .eco to appear in the Public Suffix List. https://publicsuffix.org/list/


#3

Hi @exortech,

@tialaramex is correct - .eco needs to be in the public suffix list (PSL). Luckily this already happened.

However, this is neccesary but not sufficient for Let’s Encrypt to start issuing certificates for this new TLD. It also has to be merged into the publicsuffix-go library Boulder uses. This has been done as well, but in a version more recent than what Boulder is using.

So the long and short is that before you can issue for this TLD we need to update the Boulder publicsuffix-go dependency, deploy the update to staging, and deploy the update to production. I can start the ball rolling [with Issue 2204] (https://github.com/letsencrypt/boulder/issues/2204) but I can’t promise a timeline. At the minimum it would likely be ~1-2 weeks.

Thanks for your patience!


#4

Hi @cpu! Thanks for the quick work on picking this up and getting the ball rolling. I just retried regenerating the cert, and it failed with the same issue. So, I assume that the Boulder dependency has not yet been integrated. Is there a way for me to follow how this is progressing?


#5

You can subscribe to status updates here. Whenever a new version of Boulder is released, you’ll get an email with a link to a changelog, e.g. something like this: https://github.com/letsencrypt/boulder/compare/b5f4914...9ccfbce

You’re looking for this commit - once it’s included in one of the change logs, and that change is successfully deployed to the “acme-v01.api.letsencrypt.org (Production)” component, issuance for .eco should start working.


#6

The update is active in the staging environment as of Tuesday. It should be deployed to production today unless something unusual comes up.

@pfg’s answer should be all you need to follow the progress. Thanks @pfg!!!


#7

Quick follow-up: the production update for today was cancelled. It will be at least another week.


#8

Hello again @exortech, hope you are doing well.

I have good news! The updated public suffic list with .eco was enabled in production today. You should be all set.

Apologies for the delays, thanks again for understanding!


#9

Awesome! Thanks so much for letting me know :slight_smile:


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.