Supported domain names for Cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs

I ran this command:Auto SSL on Hostinger

It produced this output:too long

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:hostinger

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

What's your question exactly?

Because right now your thread looks more as spam than an actual request for help..

2 Likes

I guess this is real.

Please give the entire error, Let's Encrypt doesn't have any issue (anymore) with your 67-char long domain name. Your acme client might be a different story.

6 Likes

There is also a length limit on labels in DNS (the parts in between the dots). “what-makes-a-domain-name-so-memorable-that-you-never-forget-it” is 62 characters so that should be OK.

It seems most likely the client here is encoding an invalid CSR with a CN that is too long. With the exact error message returned from Let’s Encrypt I can confirm that.

AutoSSL is I believe a cpanel plugin, which I don’t personally have experience using so I don’t have more advice offhand.

5 Likes

The fun. part is hostinger provides a free SSL. You don't ask you just get it. I did not for this domain. There was no error message passed to me. In fact nothing comes back. not even their menu for that option. I was told in a chat that the name is over 63 characters. also this is a restriction of the CERT.
So here I am. I have never installed manually and know nothing about it.
Here to learn. It is registered and hosted but not secure.

1 Like

Using the online tool Let's Debug yields these results for the HTTP-01 challenge
of the Challenge Types - Let's Encrypt

https://letsdebug.net/what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs/1756132

MultipleIPAddressDiscrepancy
WARNING
what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.
[Address=2a02:4780:1d:1c80:ce41:6283:d6a6:ce9,Address Type=IPv6,Server=hcdn,HTTP Status=404] vs [Address=149.100.151.11,Address Type=IPv4,Server=LiteSpeed,HTTP Status=404]
1 Like

I'm not sure what you're expecting people here to be able to do for you? That sounds like the character length is a restriction on your hoster's side. If all you have is control panel access (instead of a "server" where you can log in and install software), then you would need your hoster's support.

4 Likes

Not all I have. But All I have used. Again I am told--- I have all the support at Hostinger to install my self. I am finding/looking for what I need. Before I do the work, I am asking for the real problem. I told Hostinger it is their problem and as expected they say it is not in their control.so?

This is from Letsencrypt.org
For most people it is better to request Let’s Encrypt support from your hosting provider, or switch providers if they do not plan to implement it.

Getting Help

If you have questions about selecting an ACME client, or about using a particular client, or anything else related to Let’s Encrypt, please try our helpful community forums.
So. Here I am. Learning. Help or complain, Both are good for me?

1 Like

Sure. And we're happy to help to try to recommend an ACME client to you, we just don't have much to go on to help you. What do you have access to? What is your web server and how do you configure it? There are a lot of questions in the first post that you left blank, and if you don't know the answers to them then neither do we.

4 Likes

Great why do different IP Address give different responses for the domain?

1 Like

Peter, where do you host your website? So I understand your background, I am not running my server. I share on Hostinger servers. Do you run your own server farm? I have run and configured an apache server on my local network for practice. Now I supply the html, php, and user files, Hostinger supplies the hardware and the interface. Which ISP do you use?
Ed

If you aren't running a server and are using shared hosting, then getting a certificate is entirely the responsibility of your hoster.

If you're looking at moving from shared hosting to becoming a server administrator, that's a significantly more complicated topic that I don't have the time to try to talk through the various options (what I personally do is pretty convoluted), but I would think that getting a certificate would be one of the easier part of that entire process.

If you're comfortable with shared hosting, but just aren't happy with your current provider, there are plenty of other options out there. I personally don't have a recommendation, but you may want to confirm that they can handle certificates with names that are that long if you really want to use a name that long. As was mentioned earlier, support for long names was only recently added on the Let's Encrypt side, and it may be some time before various clients also support it.

5 Likes

I'd try combining the long name with a much shorter name - and set the shorter name as the CN.
Not sure about how to do that on the client you have... So, the direction is very vague [I know].

4 Likes

https://letsdebug.net/what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs/1756216?debug=y shows there is one IPv4 Address and one IPv6 Address and that they do not respond the same.
"This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail."

1 Like

IPv4 & IPv6 have different servers for the domain name what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs

IPv4 - server: LiteSpeed

>curl -4 -Ii http://what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 150
date: Wed, 03 Jan 2024 03:17:08 GMT
server: LiteSpeed
platform: hostinger

IPv6 - Server: hcdn

>curl -6 -Ii http://what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Server: hcdn
Date: Wed, 03 Jan 2024 03:17:23 GMT
Content-Type: text/html
Content-Length: 150
Connection: keep-alive
Vary: Accept-Encoding
platform: hostinger
x-turbo-charged-by: LiteSpeed
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 961c90c2b27a849577fe3b12460c1000-phx-edge3
1 Like

Also www.what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs has a CNAME pointing to www.what-makes-a-domain-name-so-memorable-that-you-never-forget-it.sbs.cdn.hstgr.net. as seen in the above image.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.