We purchased 2 SSL UCC certificates from GoDaddy a few months ago for something like myandy.com and myandy.com.au, and I had defined the following Subject Alternative Names:

  • gateway
  • services
  • x ...

They all got approved and have been in production for a few months.

A few weeks ago, I got an email from GoDaddy stating "Your certificate will be revoked if you do not take action to remove the new gtld domain from the certificate." Since the email did not mention which part of the certificate was wrong, and overall looked like spam, I ignored it.

2 weeks later the SSL certificate of myandy.com got revoked, so I asked GoDaddy what exactly was wrong in the certificate, and GoDaddy finally clarified:

The issue lies with the SAN [SERVICES].

You had a certificate that contained a Common Name that is solely SERVICES. This is a valid Top Level Domain (gTLD) listed with The Internet Assigned Numbers Authority (IANA) for external use. All valid domains must be authenticated by the holder of the domain before they can be issued.

For a complete Database of Top Level Domains managed by IANA please visit the link below.


As this is the gTLD and there is no possibility to register with the .SERVICES registry for a blank domain, the SAN was required to be removed and/or replaced with a different local name that does not have a listing in IANA or a fully qualified domain to avoid revocation.

However, the whole thing is looking strange to me.

I had some services running on services.myandy.com. Then later IANA released some new top-level domains as documented at http://www.iana.org/domains/root/db, so I cannot use Services as my subdomain anymore?

If this is true, tv.channel7.com cannot be used anymore unless tv.channel7.com gets authenticated by the holder of channel7.tv before the certificate is issued; or, even if the certificate had been issued, the certificate will be revoked because of the newly released top-level domains?

If I am using X.myandy.com, and IANA then releases a new gTLD, then I will not be able to use X.myandy.com?

Though GoDaddy has raised the SAN vs gTLD issue with myandy.com, they did not do the same against myandy.com.au, which has the same SAN called Services. Did they hand-pick myandy.com at random? (myandy.com and myandy.com.au are both registered at cheapdomains.com.au.)

This is because SANs like gateway and services are not fully qualified.

In the case of services, it's actually a valid gTLD already. Others like gateway could potentially become valid at some point if ICANN decides to do so.

Solution would be to fully qualify your domain names. E.g., instead of gateway, use gateway.myandy.com.

Related: The tradition of using "invalid" TLDs like .local is also bad practice due to the same reasons stated above.

    • @AndyH you need to modify that SAN from gateway to gateway.myandy.com. Same with services. As others said, GoDaddy did you wrong (shocking!) by even allowing you to request those SANs to begin with.
    • I don't quite follow. You said "Solution would be to fully qualify your domain names. E.g., instead of gateway, use gateway.myandy.com.", but I have been using gateway.myandy.com, and the SSL UCC certificate has gateway as SAN. So do you think that once IANA decides to release gateway as a TLD, GoDaddy won't let me use gateway.myandy.com anymore?
    • If you have only gateway in the SAN field, it is invalid. You need to have the FQDN gateway.myandy.com in SAN. The same applies for services.
    • As andy says "services" with no domain qualifier is the problem, and that is what was in a SAN field of your cert. GoDaddy should never have even issued a cert like that in the first place, and are correcting the mistake. Your SAN field should be "services.myandy.com", which is a valid fully qualified domain name. GoDaddy will issue a cert for a FQDN that is valid, even if it starts with "services". If they won't, they're doing it wrong.
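
The distinction drawn in the answer and comments above (a bare SAN label versus a fully qualified name), as an added example that is not part of the original thread: a small audit that classifies SAN entries and proposes the qualified replacement. `SAMPLE_TLDS`, the function names and `intranet.local` are constructed for illustration; a real audit would load the full IANA root zone list.

```python
# Constructed sample of the IANA root zone list; a real audit would load the
# complete list published by IANA instead of this four-entry subset.
SAMPLE_TLDS = frozenset({"com", "au", "tv", "services"})


def classify_san(name, tlds=SAMPLE_TLDS):
    """Classify one dNSName SAN entry by how publicly resolvable it is."""
    labels = name.strip().rstrip(".").lower().split(".")
    if labels[0] == "*":              # wildcard: judge the name beneath it
        labels = labels[1:]
    if not labels or "" in labels:
        return "invalid"
    if len(labels) == 1:
        # A single label is unqualified. If it equals a delegated TLD it
        # names public namespace the certificate holder does not control.
        return "bare-tld" if labels[0] in tlds else "bare-internal"
    # Multi-label names are only verifiable when the rightmost label is a
    # delegated TLD; suffixes such as .local are internal-only.
    return "fqdn" if labels[-1] in tlds else "internal-suffix"


def audit_sans(sans, parent, tlds=SAMPLE_TLDS):
    """Return (name, status, suggested_fqdn) for each SAN entry."""
    report = []
    for name in sans:
        status = classify_san(name, tlds)
        fix = f"{name.lower()}.{parent}" if status.startswith("bare-") else None
        report.append((name, status, fix))
    return report


if __name__ == "__main__":
    sans = ["gateway", "services", "services.myandy.com", "intranet.local"]
    for row in audit_sans(sans, "myandy.com"):
        print(row)
    # Hypothetical: if "gateway" were delegated later, the same SAN changes class.
    print(classify_san("gateway", SAMPLE_TLDS | {"gateway"}))
```

Only the bare labels are flagged: `services.myandy.com` and `tv.channel7.com` classify as `fqdn` regardless of which labels appear to the left of the registered domain.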

