Blacklisted domain


#1

I am trying to generate a cert for my VPS, on linode, and getting

An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name is blacklisted

I am using the domain name of [redacted].members.linode.com

I’m not finding any info in the forums, but is this domain blacklisted? I really don’t want to have to deal with setting up/purchasing a DNS name so I can play with letsEncrypt…


Apache : failed authorization procedure
#2

Someone probably decided Linode was too much of a phishing target, though not sure how the blacklist was compiled.

Only thing I can think of is getting a free domain somewhere else. I believe all .tk domains are free, otherwise you could probably try some DynDNS provider (as long as they’re on the public suffix list, to avoid rate limiting issues). CloudFlare offers free DNS on top of that (you don’t have to use their proxy features).


#3

you can use *.members.linode.com for sites ? that’s news to me !


#4

Same here although I’ve got my own domains with Linode & have not had any issues with LE so it must be a blacklist.

@pfg As @quantumriff is on Linode then as long as he can point the dns of the free domain to their dns servers then that’s all he’ll need to do.

Right now I’m setting up some domains that weren’t whitelisted in the private beta & so far so good.


#5

Is there a list somewhere of domains that are blacklisted?


#6

Oh good, I was wondering when the first false-positives from Let’s Encrypt’s insane decision to check with Google’s safebrowsing API would show up.


#7

The ‘*’ in *.members.linode.com is dynamic as far as I know. Or in other words, static for the lifetime of the “node”, but would be released when you decomission your server. I guess it makes sense to disallow creating certificates for such domains.


#8

Well, I tried a different DNS domain to point to my server…

Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: ddns.net

I just wanted to test/play with some projects in my spare time, don’t really want to be purchasing a DNS name… Frustrating…


#9

If you’re just doing stuff for yourself, self-signed certificates are great. Getting a trusted certificate is better suited for when you want general public use without certificate warnings.


#10

Why not just buy a cheap domain that’s somewhat generic and then create subdomains there for testing purposes. For dyndns you could just CNAME it to the dyndns host.


#11

No-IP (who owns ddns.net) isn’t on the Public Suffix List yet, but they recently started the process of getting added. Once that’s done, rate limiting will work properly for those domains.

You can try a .tk domain (they’re free), or some other dynamic DNS provider which is already on the list.