It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:
Error creating new authz :: Policy forbids issuing for name
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version): Linode droplet
The operating system my web server runs on is (include version): CentOs7
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I have Plesk Onyx installed, but can’t use the LetsEncrypt module to do this because of policy restrictions. Linode support suggested I could use LetsEncrypt directly.
Unfortunately, @cpu doesn’t mention WHY this policy is in place. Obviously, Let’s Encrypt has all the right to not tell us, but I’m interested why it is blocked. Is it possible for domain name owners to ask for this blockade? Is it something Let’s Encrypt did on its own? There are no CAA records responsible for this blockade…
Either of these is possible separately from CAA (since Let's Encrypt also maintains its own list of "high-risk domain names"). When either of these has happened, the domain owner will then have to contact Let's Encrypt's security address to have the block removed (and in either case, it wouldn't be removed or modified without the domain owner's request).