Error creating new authz :: Policy forbids issuing for name - on Linode droplet


#1

I’m trying to get a cert for li505-108.members.linode.com
also www.li505-108.members.linode.com and ftp.li505-108.members.linode.com if possible

My domain is: li505-108.members.linode.com

I ran this command: sudo -H ./letsencrypt-auto certonly --standalone -d li505-108.members.linode.com

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:
Error creating new authz :: Policy forbids issuing for name
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Linode droplet

The operating system my web server runs on is (include version): CentOs7

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I have Plesk Onyx installed, but can’t use the LetsEncrypt module to do this because of policy restrictions. Linode support suggested I could use LetsEncrypt directly.


#2

Most likely is that you can’t issue certs for “linode.com”.
Try using an FQDN from a domain you actually own.


#3

It seems Linode is blocked by Let’s Encrypt itself.

See: Linode policy forbids issuing for name

Unfortunately, @cpu doesn’t mention WHY this policy is in place. Obviously, Let’s Encrypt has all the right to not tell us, but I’m interested why it is blocked. Is it possible for domain name owners to ask for this blockade? Is it something Let’s Encrypt did on its own? There are no CAA records responsible for this blockade…


#4

Hi,

The linode.com is being blocked for issuing certificates for ips.

Please use your own domain name instead to obtain a free certificate.

Thank you


#5

Either of these is possible separately from CAA (since Let’s Encrypt also maintains its own list of “high-risk domain names”). When either of these has happened, the domain owner will then have to contact Let’s Encrypt’s security address to have the block removed (and in either case, it wouldn’t be removed or modified without the domain owner’s request).


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.