.lk domain issue

[snakehill]

This domain extension is supported by Let's Encrypt as it's on the public suffix list and is not internationalized/no IDN. However, I do receive the following upon using letsencrypt-vesta -u admin [domain].lk (with or without '-u'):

usage:
  certbot-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
cert. Major SUBCOMMANDS are:

  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  renew                Renew previously obtained certs that are near expiry
  revoke               Revoke a previously obtained certificate
  register             Perform tasks related to registering with the CA
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins
letsencrypt: error: unrecognized arguments: www.[otherdomain].com www.[domain].lk
Let's encrypt returned an error status.  Aborting.

The [otherdomain].com pops up out of nowhere. It's on the same server and owned by the same user, but it's not linked to [domain].lk by any means. The domains are somewhat similar though (but only somewhat), in that they are like abcd.lk and abcdelkfgh.com.

When adding both domains to the same certificate, the same message appears, but with www.[otherdomain].com listed in the error twice. Obtaining a certificate for [otherdomain].com or other domains in the same user account works fine, as well as combining those in one certificate. It only messes up at [domain].lk.

[cyfocus]

I have similar issue with .co domains. I posted the issue at https://community.letsencrypt.org/t/can-not-encrypt-co-domains/17355

[jpitoniak]

This is an issue with either the Let's Encrypt CA or with the ACME client, not with letsencrypt-vesta specifically. You can tell by the last line of the output: "Let's encrypt returned an error status. Aborting." Basically, if certbot/letsencrypt returns an exit status of anything other than zero (zero being a successful completion), letsencrypt-vesta prints that message and aborts execution to prevent braking anything by trying to install a bad or non-existent cert.

When you get these types of errors, you should bring them up in the Let's Encrypt support forums, as they are beyond the scope of letsencrypt-vesta.

[snakehill]

Let's Encrypt says to fully support .lk and (the much more popular) .co. @cyfocus is the only one to ever point out to Let's Encrypt that he isn't able to encrypt .co domains, using letsencrypt-vesta, so I highly doubt it's a mistake on their end.

I also have no idea why it adds that .com domain for me, all by itself, whenever I try to just encrypt just the .lk one.

[jpitoniak]

What server OS are you using? I wonder if there could be some formatting issue that I'm accounting building the list of aliases or something.

[cyfocus]

I'm using Centos 7. I noticed the conflict, between my .co.uk and .co If I have the same domain name i.e. bizpr.co.uk and bizpr.co, the .co will not encrypt. But if I have a standalone .co, there is no issue, i.e https://bizads.co/

[snakehill]

CentOS 7 for me too. Can't seem to just get the .lk to encrypt though. Maybe that has to do with that it always pulls in the .com one which is only partially similar.