When I try to get a certificate for a domain with an underscore in the subdomain I get the following error message:
Error: malformed :: The request message was malformed :: Error creating new authz :: Invalid character in DNS name
edit: removed patch, will not be able to provide one in desired format
If you'd like to make a patch, we don't accept them as anything other than pull requests.
I did take a look at that one at that patch, though. Unfortunately, it would also allow eTLD+1 names (the not-a-subdomain domain part) to include a _, as well which is definitely not allowed. There's also no tests.
We'd welcome a PR that handled subdomains differently than the eTLD+1 names and tests!
(Oh, also, it as to fix up the dnsLabelRegexp that is annoyingly also used.)
Closing as won't fix.
Taken from #1437:
RFC 952 and 1123 outline that the safe hostname character set is
[a-zA-Z0-9-](with special rules about where hypens can appear). While certain DNS RR types (DomainKeys and SRV) are allowed to use underscores in record names these are not valid _hostnames_.
I understand this won't be fixed. Please put me down as one of the people affected.
Also being affected with this problem and I understand this won't be fixed BUUUUUT
may i ask what is the harm of displaying "you can't have a underscore character because of this RFC try a hyphen instead" that way people aren't left in the dark?
If you'd like to submit a PR, we'll take a look at it!
@jsha Cool!
I'd love to try to tackle that
@jsha after looking at other errors in policy/pa.go
on line ~ 182 in the var declaration block i see
errInvalidDNSCharacter = berrors.MalformedError("Invalid character in DNS name")
and i'm not sure how good it'd be to alter that message since none of the other error messages contain the requirements in them
plus i feel like the i was mostly annoyed just because i was unaware of not being able to have underscores and now it doesn't seem like such a big deal lol
thanks!