Closed jmhodges closed 8 years ago
It's a bug in the generating code! RFC 952: "The last character must not be a minus sign or period."
According to 952 and 1123 each label (part between periods) must follow that rule. So ssl-.
I don't see a bug in certlint here.
Seeing some certlint errors occuring, it seems, because of dashes at the end of a part of a DNS name.
Like this one: https://crt.sh/?id=12297536&opt=cablint with the domain "ssl-.lenaundniklas.de" in it.
That dash at the end of "ssl-" seems to be the problem. Perhaps the Go url parser is too lax for allowing this, or maybe there's a weirdness in what's allowed in a SAN or CN or maybe there's a bug in certlint?