Free SSL fails for custom domain

### Website URL

Error Message

(SSL certificate error: The provider returned an unknown error. Please try again later.)

Other Information

I’ve got my own domain which is all setup and working. I’ve added the CNAME info to the zone file, but when I try to generate a free SSL cert, it fails for an unspecified reason.

Any help would be greatly appreciated.

try requesting again, or use a different Certificate Authority

(I suggest Google Trust Services)

3 Likes

I checked what happened to your order. It seems that Let’s Encrypt is rejecting our attempt to place an order for your domain, with the following reason:

The server will not issue certificates for the identifier: NewOrder request did not include a SAN short enough to fit in CN

It’s really weird, but it seems that Let’s Encrypt doesn’t want to issue a certificate for your domain name because it’s too long.

Doing some investigation into why teaches me something I didn’t know either. It seems that the standards (RFC3280) say there is a maximum size for a domain name for SSL certificates, which is 64 characters. You domain name is 67 characters. Let’s Encrypt enforces the standard and refuses the order.

You could try to get a certificate from GoGetSSL, Google Trust or ZeroSSL instead. But I don’t know which of them enforces that same 64 character limit and which doesn’t, so you may need to figure that out for yourself.

You can select which SSL provider you want by creating a new SSL order and opening the Advanced Options panel.

9 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.