diff --git a/knowledge base/acronyms and abbreviations.md b/knowledge base/acronyms and abbreviations.md
index 9bdd5b5..b0a216d 100644
--- a/knowledge base/acronyms and abbreviations.md
+++ b/knowledge base/acronyms and abbreviations.md
@@ -114,6 +114,7 @@
| TFE | [TerraForm Enterprise] | |
| TIL | Today I Learned | |
| TL;DR | Too Long; Didn't Read | |
+| TLD | Top Level Domain | |
| UART | Universal Asynchronous Receiver and Transmitter | |
| UDP | User Datagram Protocol | |
| UFW | Uncomplicated FireWall | |
diff --git a/knowledge base/letsencrypt.md b/knowledge base/letsencrypt.md
index a32f48a..03cc092 100644
--- a/knowledge base/letsencrypt.md
+++ b/knowledge base/letsencrypt.md
@@ -3,6 +3,7 @@
1. [Challenges](#challenges)
1. [DNS-01 challenge](#dns-01-challenge)
1. [Limits](#limits)
+ 1. [TLDs must be public](#tlds-must-be-public)
1. [Duplicate certificates](#duplicate-certificates)
1. [Further readings](#further-readings)
1. [Sources](#sources)
@@ -37,6 +38,14 @@ the DNS gets too big.
## Limits
+### TLDs must be public
+
+Domain names must end in a public TLD to be certified by Let's Encrypt.
+
+As long as the domain to certify is listed in the [Public Suffix][public suffix tld list] or [IANA][iana tld list]
+lists, Let's Encrypt should be able to create certificates for it.
+One can check the domain on to confirm it.
+
### Duplicate certificates
Refer [Duplicate certificate limit].
@@ -67,6 +76,9 @@ certificates for the `[example.com]` and `[login.example.com]` sets will succeed
- [Challenge types]
- [Duplicate certificate limit]
+- [Is LetsEncrypt compatible with all TLDs?]
+- [Public Suffix TLD list]
+- [IANA TLD list]
+[iana tld list]: https://www.iana.org/domains/root/db
+[is letsencrypt compatible with all tlds?]: https://community.letsencrypt.org/t/is-letsencrypt-compatible-with-all-tlds/142277/3
+[public suffix tld list]: https://publicsuffix.org/list/public_suffix_list.dat