Yesterday afternoon, I added "my.pdpworks.com" to our production application at Heroku utilizing their Automatic Certificate Management (Let's Encrypt) service. Normally, the Let's Encrypt certificates are applied within an hour. For "my.pdpworks.com", the status is stuck at "Domain verified". I received an email from Heroku indicating "Automated Certificate Management has failed for the following domains: my.pdpworks.com." The reason given is "Domain considered unsafe". When I check Google Transparency Report, the result is "Current status: No unsafe content found". Note that the Let's Encrypt certificate is applied to "**www.**my.pdpworks.com".
Heroku support states:
"The error `domain is unsafe` comes up when Let's Encrypt considers allocating a cert to this domain as unsafe as noted here.
As far as I know, there is not much we (Heroku) can do here. I realize that we built this feature on top of Let's Encrypt service, but it may be worth your time to inquire with them directly about any options that might be available for domains in that situation."
Please advise. What is Let's Encrypt considering unsafe? What corrective action is needed?
My domain is: my.pdpworks.com (no issue for www.my.pdpworks.com). The zone file is managed at AWS Route53.
I ran this command: Google Transparency Report
It produced this output: "Current status: No unsafe content found"
My web server is (include version): Heroku Common Runtime PaaS
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: Heroku, Common Runtime
I can log in to a root shell on my machine (yes or no, or I don't know): No
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Heroku console
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):