Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
2020/05/02 12:47:16 [INFO] [avtera.cloudapp.net] acme: Obtaining bundled SAN cer
tificate
2020/05/02 12:47:16 Could not obtain certificates:
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/ne
w-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new o
rder :: Cannot issue for “avtera.cloudapp.net”:The ACME server refuses to issue
a certificate for this domain name, because it is forbidden by policy, url:
My web server is (include version): Apache 2.4.43
The operating system my web server runs on is (include version): Windows server 2012 R2
My hosting provider, if applicable, is: Azure
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Lego 3.5.0
The domain is owned by Microsoft.
All (non-Microsoft issued) certs on that domain expired 4 years ago.
It seems that MS doesn’t want any other CA to issue certs for it…
You may need to speak with them about that or to have them issue you another domain name.
[one that is allowed to have certs issued to it]
I would guess that it's banned for the same reason that something a subdomain of amazonaws.com is banned - it's a user content domain controlled by the cloud provider and can get re-assigned at any time.
You cannot obtain a TLS/SSL certificate from a certificate authority (CA) for the cloudapp.net domain."
This virtual machine was installed four years ago and it got a nice simple URL :-). I made a new VM recently in Azure and it got a much longer URL - “something.westeurope.cloudapp.azure.com”. For this domain name there is no problem getting Letsencrypt certificate.