Error creating new authz. Policy forbids issuing for name

Can not generate certificate for one domain and its subdomains. About 200-300 other domain certificates was generated successfully. Could you help to resolve this problem?

My domain is: 53.ru, dengi.53.ru, auto.53.ru, afisha.53.ru

I ran this command: acme.sh --issue -d 53.ru -w /var/lib/acme.sh/wwwroot

It produced this output:
[Sat Jul 22 15:48:54 +05 2017] Registering account
[Sat Jul 22 15:48:56 +05 2017] Already registered
[Sat Jul 22 15:48:58 +05 2017] Update success.
[Sat Jul 22 15:48:58 +05 2017] Single domain=‘53.ru’
[Sat Jul 22 15:48:58 +05 2017] Getting domain auth token for each domain
[Sat Jul 22 15:48:58 +05 2017] Getting webroot for domain=‘53.ru’
[Sat Jul 22 15:48:58 +05 2017] _w=’/var/lib/acme.sh/wwwroot’
[Sat Jul 22 15:48:58 +05 2017] Getting new-authz for domain=‘53.ru’
[Sat Jul 22 15:48:59 +05 2017] The new-authz request is ok.
[Sat Jul 22 15:48:59 +05 2017] new-authz error: {“type”:“urn:acme:error:rejectedIdentifier”,“detail”:“Error creating new authz :: Policy forbids issuing for name”,“status”: 400}
[Sat Jul 22 15:48:59 +05 2017] Please check log file for more details: /var/log/acme.sh/main.log

That error occurs when the domain being issued for is on the “high risk target” list, or some other “it’s not a good idea to issue certificates for these domains” list. If you search on here for “Policy forbids issuing for name” you’ll find a number of topics discussing the reasons (and the reasons for the reasons).

You can also talk to @cpu about whether this restriction can possibly be removed.

Hi @Scorcher,

I’ve started the process to allow issuance for 53.ru domains. This usually takes ~7-14 days and I will update this thread when the change has been made.

Thanks for your patience!

53.ru has been removed from the high risk blacklist. You should be able to issue for this domain now.

Thank you! Now, i am successfully generate certificates for these domains.