Cannot issue cert: "Error creating new authz :: Syntax error"


#1

Hi,

I received my beta email.

So I tried to use the automatic method given in the email…

I get this error message:

Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Syntax error

Full logs: http://î.fr/tmp/letsencrypt.txt

Can anyone help me solve this issue?

Thanks.


#3

HI @idn. I’m sorry you’ve been having trouble. My guess is that you requested a wildcard certificate (e.g. for “*.example.com”). Let’s Encrypt does not support wildcard certificates at this time and requesting them leads to the error you got here.

We’re currently working on catching this problem earlier in the client and giving the user a better error message about the issue.


#4

Thanks for your answer.

However, I did not request a wildcard certificate.

I only typed “î.fr”.


#5

not sure if double hyphens is valid -- ?


#6

It is. Just try it in your browser.


#7

@idn, I believe that the CA is currently refusing issuance for all internationalized domain names (although if that’s still the case, we shouldn’t be accepting them into the beta program!).

I don’t know whether that would result in this particular error, but I think the presence of an IDN is the underlying issue.


#8

I was in the internationalized domain names topic, but since you accepted my domain in the beta program, I thought you lifted the ban.

Well, especially, with the latest blog post “The CA’s Role in Fighting Phishing and Malware”, I hope you lift it for real very soon. (If google.com and gôôgle.com are too close, you should not be able to register the domain anyway. It’s not your job to do try to “protect” google by not allowing people to get a certificate for those domains :wink: )

Anyway, I have just tried and some other domains (regular ones) and everything went well. So thanks for the work you did so far. :slight_smile:


#9

@idn, I’m sorry for the confusion but I’ve confirmed that the CA isn’t issuing any certs for names with an IDN path component right now. Hopefully we can get the beta program criteria updated so that this is made clearer to beta applicants. Sorry about that!