We have been issuing wildcard cert for domain *.syriatel.sy for a while with let’s encrypt. recently certificate got revoked and renewal fails with “due to Policy” error.
What can be done please, and why the reason for sudden rejection.
Maybe because SYRIATEL is on the SDN list: https://www.treasury.gov/ofac/downloads/sdnlist.txt
My advice to avoid that situation in the future: avoid US-based CA, even if they accept to issue a certificate, they may revoke it without warning.
For example, there is Buypass (https://en.wikipedia.org/wiki/Buypass), a Norwegian CA compatible with the ACME protocol for free certificates https://www.buypass.com/ssl/resources/acme-free-ssl (but limited to one domain per certificate, and without wildcard).
(I don’t know if Norway/Europe have such restriction against SYRIATEL)
But maybe you think the interpretation of the SDN list by Let’s Encrypt was too narrow and they should accept to issue certificates to SYRIATEL?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.