Can't issue certificate due to "Policy"

Hello,
We have been issuing wildcard cert for domain *.syriatel.sy for a while with let’s encrypt. recently certificate got revoked and renewal fails with “due to Policy” error.
What can be done please, and why the reason for sudden rejection.
Thank you

Maybe because SYRIATEL is on the SDN list: https://www.treasury.gov/ofac/downloads/sdnlist.txt

See also Certificates issued to persons or entities on the U.S. Treasury Department’s Specially Designated Nationals list

And According to mcclatchydc.com Let's Encrypt revoqued and banned USAReally.com :

1 Like

My advice to avoid that situation in the future: avoid US-based CA, even if they accept to issue a certificate, they may revoke it without warning.

For example, there is Buypass (https://en.wikipedia.org/wiki/Buypass), a Norwegian CA compatible with the ACME protocol for free certificates https://www.buypass.com/ssl/resources/acme-free-ssl (but limited to one domain per certificate, and without wildcard).

(I don’t know if Norway/Europe have such restriction against SYRIATEL)

But maybe you think the interpretation of the SDN list by Let’s Encrypt was too narrow and they should accept to issue certificates to SYRIATEL?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.