From d3cd3c432e6fa37887de89f283e4da019636c4d3 Mon Sep 17 00:00:00 2001
From: Michele Cereda <cereda.michele@gmail.com>
Date: Mon, 6 Jan 2025 19:40:08 +0100
Subject: [PATCH] chore(letsencrypt): tell about tld limitations

---
 knowledge base/acronyms and abbreviations.md |  1 +
 knowledge base/letsencrypt.md                | 15 +++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/knowledge base/acronyms and abbreviations.md b/knowledge base/acronyms and abbreviations.md
index 9bdd5b5..b0a216d 100644
--- a/knowledge base/acronyms and abbreviations.md	
+++ b/knowledge base/acronyms and abbreviations.md	
@@ -114,6 +114,7 @@
 | TFE     | [TerraForm Enterprise]                                 |                                                                                                     |
 | TIL     | Today I Learned                                        |                                                                                                     |
 | TL;DR   | Too Long; Didn't Read                                  |                                                                                                     |
+| TLD     | Top Level Domain                                       |                                                                                                     |
 | UART    | Universal Asynchronous Receiver and Transmitter        |                                                                                                     |
 | UDP     | User Datagram Protocol                                 |                                                                                                     |
 | UFW     | Uncomplicated FireWall                                 |                                                                                                     |
diff --git a/knowledge base/letsencrypt.md b/knowledge base/letsencrypt.md
index a32f48a..03cc092 100644
--- a/knowledge base/letsencrypt.md	
+++ b/knowledge base/letsencrypt.md	
@@ -3,6 +3,7 @@
 1. [Challenges](#challenges)
    1. [DNS-01 challenge](#dns-01-challenge)
 1. [Limits](#limits)
+   1. [TLDs must be public](#tlds-must-be-public)
    1. [Duplicate certificates](#duplicate-certificates)
 1. [Further readings](#further-readings)
    1. [Sources](#sources)
@@ -37,6 +38,14 @@ the DNS gets too big.
 
 ## Limits
 
+### TLDs must be public
+
+Domain names must end in a public TLD to be certified by Let's Encrypt.
+
+As long as the domain to certify is listed in the [Public Suffix][public suffix tld list] or [IANA][iana tld list]
+lists, Let's Encrypt should be able to create certificates for it.<br/>
+One can check the domain on <https://letsdebug.net/> to confirm it.
+
 ### Duplicate certificates
 
 Refer [Duplicate certificate limit].
@@ -67,6 +76,9 @@ certificates for the `[example.com]` and `[login.example.com]` sets will succeed
 
 - [Challenge types]
 - [Duplicate certificate limit]
+- [Is LetsEncrypt compatible with all TLDs?]
+- [Public Suffix TLD list]
+- [IANA TLD list]
 
 <!--
   Reference
@@ -84,3 +96,6 @@ certificates for the `[example.com]` and `[login.example.com]` sets will succeed
 [website]: https://letsencrypt.org/
 
 <!-- Others -->
+[iana tld list]: https://www.iana.org/domains/root/db
+[is letsencrypt compatible with all tlds?]: https://community.letsencrypt.org/t/is-letsencrypt-compatible-with-all-tlds/142277/3
+[public suffix tld list]: https://publicsuffix.org/list/public_suffix_list.dat