hakwerk / labca

A private Certificate Authority for internal (lab) use, based on the open source ACME (Automated Certificate Management Environment) implementation from Let's Encrypt (tm).
https://lab-ca.net

Domain name does not end with a valid public suffix (TLD) #103

Closed (fly-man- closed 8 months ago)

fly-man- commented 1 year ago

I thought that when I set the Domain mode to lockdown, to only be able to use the domains I specified, it would be able to do:

*.grandhotel.internal

But for some reason LabCA returns the following error when requesting a certificate:

root@servicehub:/home/service/lego# ./lego --server https://local-ca/directory -a -m beheerder@grandhotel.local --http -d *.grandhotel.internal run
2023/11/17 20:35:06 [INFO] [*.grandhotel.internal] acme: Obtaining bundled SAN certificate
2023/11/17 20:35:06 Could not obtain certificates:
        acme: error: 400 :: POST :: https://local-ca/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "*.grandhotel.internal": Domain name does not end with a valid public suffix (TLD)

Is this something that's built into Boulder to "reject" the domain name, and how do I allow .internal to be used within my homelab?

hakwerk commented 1 year ago

It should indeed work for non-official TLDs. Is there some more information in the server logs?

I think someone once had this issue because the domain configured in the lockdown started with a dot, which it shouldn't.

fly-man- commented 1 year ago

Oddly, I think I might have to just grab a backup from my configs and then reinstall?