Let's Encrypt will not issue certs for non-valid public suffixes
.dcn is not a valid top-level domain, as in: it's not registered by IANA at this time. Let's Encrypt (LE) will not issue certificates for subjects that do not have a valid public suffix
See ACME protocol
2. Deployment Model and Operator Experience
[...]
o The CA verifies that the client controls the requested domain
name(s) by having the ACME client perform some action(s) that can
only be done with control of the domain name(s). For example, the
CA might require a client requesting example.com to provision a
DNS record under example.com or an HTTP resource under
http://example.com.
Could be mentioned in the following articles:
-
https://docs.gitlab.com/omnibus/settings/ssl.html#lets-encrypt-integration -
https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.html#gitlab-pages-integration-with-lets-encrypt
Ticket: 184267
Agent: Niklas Janz
Edited by Niklas Janz