Error creating new authz. Policy forbids issuing for name

Scorcher · July 22, 2017, 11:17am

Can not generate certificate for one domain and its subdomains. About 200-300 other domain certificates was generated successfully. Could you help to resolve this problem?

My domain is: 53.ru, dengi.53.ru, auto.53.ru, afisha.53.ru

I ran this command: acme.sh --issue -d 53.ru -w /var/lib/acme.sh/wwwroot

It produced this output:
[Sat Jul 22 15:48:54 +05 2017] Registering account
[Sat Jul 22 15:48:56 +05 2017] Already registered
[Sat Jul 22 15:48:58 +05 2017] Update success.
[Sat Jul 22 15:48:58 +05 2017] Single domain=‘53.ru’
[Sat Jul 22 15:48:58 +05 2017] Getting domain auth token for each domain
[Sat Jul 22 15:48:58 +05 2017] Getting webroot for domain=‘53.ru’
[Sat Jul 22 15:48:58 +05 2017] _w=’/var/lib/acme.sh/wwwroot’
[Sat Jul 22 15:48:58 +05 2017] Getting new-authz for domain=‘53.ru’
[Sat Jul 22 15:48:59 +05 2017] The new-authz request is ok.
[Sat Jul 22 15:48:59 +05 2017] new-authz error: {“type”:“urn:acme:error:rejectedIdentifier”,“detail”:“Error creating new authz :: Policy forbids issuing for name”,“status”: 400}
[Sat Jul 22 15:48:59 +05 2017] Please check log file for more details: /var/log/acme.sh/main.log

mpalmer · July 22, 2017, 11:25am

That error occurs when the domain being issued for is on the “high risk target” list, or some other “it’s not a good idea to issue certificates for these domains” list. If you search on here for “Policy forbids issuing for name” you’ll find a number of topics discussing the reasons (and the reasons for the reasons).

schoen · July 22, 2017, 7:25pm

You can also talk to @cpu about whether this restriction can possibly be removed.

cpu · July 24, 2017, 2:40pm

Hi @Scorcher,

I’ve started the process to allow issuance for 53.ru domains. This usually takes ~7-14 days and I will update this thread when the change has been made.

Thanks for your patience!

isk · July 27, 2017, 7:01am

53.ru has been removed from the high risk blacklist. You should be able to issue for this domain now.

Scorcher · July 27, 2017, 7:26am

Thank you! Now, i am successfully generate certificates for these domains.

system · August 26, 2017, 7:26am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
{Error creating new authz :: Policy forbids issuing for name} Help	3	1301	November 29, 2017
Error when generating cert for customer: Policy forbids issuing for name Issuance Policy	2	1157	August 12, 2019
Policy forbids issuing for name. Where to read policy? Issuance Policy	10	2703	March 30, 2018
Policy forbids issuing for domain Server	6	2517	July 13, 2016
Policy forbids issuing for name Help	5	736	December 5, 2019

Error creating new authz. Policy forbids issuing for name

Related topics