Error creating new authz. Policy forbids issuing for name


#1

Cannot generate a certificate for one domain and its subdomains. About 200-300 other domain certificates were generated successfully. Could you help to resolve this problem?

My domain is: 53.ru, dengi.53.ru, auto.53.ru, afisha.53.ru

I ran this command: acme.sh --issue -d 53.ru -w /var/lib/acme.sh/wwwroot

It produced this output:
[Sat Jul 22 15:48:54 +05 2017] Registering account
[Sat Jul 22 15:48:56 +05 2017] Already registered
[Sat Jul 22 15:48:58 +05 2017] Update success.
[Sat Jul 22 15:48:58 +05 2017] Single domain='53.ru
[Sat Jul 22 15:48:58 +05 2017] Getting domain auth token for each domain
[Sat Jul 22 15:48:58 +05 2017] Getting webroot for domain='53.ru
[Sat Jul 22 15:48:58 +05 2017] _w='/var/lib/acme.sh/wwwroot'
[Sat Jul 22 15:48:58 +05 2017] Getting new-authz for domain='53.ru
[Sat Jul 22 15:48:59 +05 2017] The new-authz request is ok.
[Sat Jul 22 15:48:59 +05 2017] new-authz error: {"type":"urn:acme:error:rejectedIdentifier","detail":"Error creating new authz :: Policy forbids issuing for name","status": 400}
[Sat Jul 22 15:48:59 +05 2017] Please check log file for more details: /var/log/acme.sh/main.log


#2

That error occurs when the domain being issued for is on the “high risk target” list, or some other “it’s not a good idea to issue certificates for these domains” list. If you search on here for “Policy forbids issuing for name” you’ll find a number of topics discussing the reasons (and the reasons for the reasons).
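An added example, not part of the thread and not acme.sh's own code: when issuing for hundreds of names, a log triage step can separate `rejectedIdentifier` policy blocks (retrying will not help, the CA has to lift the restriction) from other new-authz failures. The function names, the `.example` domains and the sample log are constructed for illustration; the log lines follow the output format quoted in the first post, and the `rateLimited` line is a constructed non-policy failure.

```shell
#!/bin/sh
# Constructed sample log, modelled on the acme.sh output quoted in the thread.
sample_log() {
cat <<'EOF'
[Sat Jul 22 15:48:58 +05 2017] Getting new-authz for domain='blocked.example'
[Sat Jul 22 15:48:59 +05 2017] The new-authz request is ok.
[Sat Jul 22 15:48:59 +05 2017] new-authz error: {"type":"urn:acme:error:rejectedIdentifier","detail":"Error creating new authz :: Policy forbids issuing for name","status": 400}
[Sat Jul 22 15:49:10 +05 2017] Getting new-authz for domain='ok.example'
[Sat Jul 22 15:49:11 +05 2017] The new-authz request is ok.
[Sat Jul 22 15:49:20 +05 2017] Getting new-authz for domain='other.example'
[Sat Jul 22 15:49:21 +05 2017] new-authz error: {"type":"urn:acme:error:rateLimited","detail":"constructed","status": 429}
EOF
}

# Reads acme.sh log text (files as arguments, or stdin) and prints one line per
# failed new-authz request: domain <TAB> verdict <TAB> ACME error type.
# verdict is "policy-block" for rejectedIdentifier, "other" for anything else.
classify_authz_errors() {
  awk -v q="'" '
    /Getting new-authz for domain=/ {
      domain = $0
      sub(".*domain=" q, "", domain)   # strip everything up to the opening quote
      sub(q ".*", "", domain)          # strip the closing quote and the rest
      next
    }
    /new-authz error:/ {
      type = "unknown"
      # Pull the value of the "type" member out of the JSON error body.
      if (match($0, /"type":"[^"]*"/))
        type = substr($0, RSTART + 8, RLENGTH - 9)
      verdict = (type == "urn:acme:error:rejectedIdentifier") ? "policy-block" : "other"
      printf "%s\t%s\t%s\n", domain, verdict, type
    }
  ' "$@"
}

# Demo run on the constructed log.
sample_log | classify_authz_errors
```

Names reported as `policy-block` belong in a request to the CA, as happens later in this thread, rather than in a retry queue.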


#3

You can also talk to @cpu about whether this restriction can possibly be removed.


#4

Hi @Scorcher,

I’ve started the process to allow issuance for 53.ru domains. This usually takes ~7-14 days and I will update this thread when the change has been made.

Thanks for your patience!


#5

53.ru has been removed from the high risk blacklist. You should be able to issue for this domain now.


#6

Thank you! Now I am successfully generating certificates for these domains.

