Bibliomobile.tg (Error creating new authz :: Policy forbids issuing for name)


#1

When generating a certificate for www.bibliomobile.tg (via Virtualmin), we receive this error: “Error creating new authz :: Policy forbids issuing for name”. Is there any chance of getting our domain bibliomobile.tg whitelisted?


#2

We recently observed a relatively large spike in suspicious issuance to .tg domains. Validation was properly completed (the certificates were properly issued from Let’s Encrypt’s point of view) but we have come to suspect that the integrity of the .tg TLD system has been compromised.

We don’t know exactly what happened yet (our access to information about .tg control systems is limited), but as a result of our suspicions we have temporarily suspended all issuance to .tg domains. This block was put in place on November 2nd and will remain in place until we have reason to believe that potential issues with .tg control systems have been resolved. We also revoked 38 certificates issued to .tg domains on or after October 31.

Our investigation is ongoing. We hope to re-enable issuance to .tg domains soon. We will likely publish more information after our investigation has concluded.

Apologies for any inconvenience. This is an unusual situation and we felt that the steps we took were necessary in light of suspected registry or related control system compromise.


#3

I’d be curious to see if you have any updates to this issue. My domain (mrk.tg), which I registered in 2010, recently failed its LE renewal with this error. My cert is still valid for the moment, but I’m concerned about what will happen when it does expire on 12/9/2017.

We’ve used the domain as a URL shortener for a number of years now and have published a ton of links with it. If there’s a whitelisting or manual review process, I’d be interested in participating.

Thanks very much for your efforts. I can only imagine the difficulties you face in situations like these, and I applaud your vigilance over the LE ecosystem.

Thanks!


#4

@TheDavidJohnson, this would likely serve you better as a new topic, as opposed to attaching to this one. Think of this forum like a listing of community support tickets.


#5

Hi @solibres, @TheDavidJohnson, others,

Let’s Encrypt has resumed issuing to .tg domains. You should no longer receive a “Policy forbids issuing for name” error when issuing certificates for .tg domains.


#6

Thanks, @cpu – I appreciate it! My .tg cert renewed recently without a problem.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.