Blacklist mentioned upon renewal attempt

pocketapocketa · February 12, 2016, 6:13pm

Hi all,

I’m getting a message: “The request message was malformed :: Error creating new authz :: Name is blacklisted.”

I understand there is a blacklist. I can’t pick out too much from the log files, and what I can see seems to relate to errors rather than a blacklist.

At the time the error was thrown, the following is the error most comprehensible to me (which does not mean it is the most relevant).

“2015-11-11 19:48:11,164:DEBUG:letsencrypt.cli:Requested authenticator None and installer None”

Is it possible I am not blacklisted, but that I am simply doing something wrong?

Thanks,

Rob

jsha · February 12, 2016, 6:45pm

Can you share your domain name? The blacklist is a list of high-risk domains, and we can check if the domain name is on there.

Jason · February 12, 2016, 6:57pm

How do you include high-risk domains? So, how is this balcklist created? Only manually or is there any automatic process? If yes, how does it choose high-risk domains?

jsha · February 12, 2016, 6:59pm

It’s a manual process with a tool assist. We tweaked the tool a little bit, which may have led to @pocketapocketa’s domain being included where it wasn’t previously.

pocketapocketa · February 12, 2016, 7:09pm

Of course, sorry:

www.pocketapocketa.cz

Thanks,

jsha · February 12, 2016, 11:59pm

That definitely shouldn’t be on the list. Looks like we have a bug where SQL errors (e.g. a connection problem or a timeout) when checking the blacklist get turned into “Name is blacklisted.” This is obviously wrong and confusing. I’ve filed a bug, and we’ll fix: https://github.com/letsencrypt/boulder/issues/1491. Thanks for reporting!

pocketapocketa · February 13, 2016, 1:58pm

That’s for letting me know. Such bugs are to be expected at this stage. I’ll look into it further and see if I can debug it my end.

Many thanks and keep up the good work