Error creating new cert :: policy forbids issuing for:

Error creating new cert :: policy forbids issuing for: “primary.linq.tech dns:mail.linq.tech dns:smtp.linq.tech”

Am I doing something wrong?
I’m using directadmin with the letsencrypt tool from the command line:

[root@primary scripts]# ./letsencrypt.sh renew primary.linq.tech 4096
Setting up certificate for a hostname: primary.linq.tech
Getting challenge for primary.linq.tech from acme-server…
Waiting for domain verification…
Challenge is valid.
Getting challenge for mail.linq.tech from acme-server…
Waiting for domain verification…
Challenge is valid.
Getting challenge for smtp.linq.tech from acme-server…
Waiting for domain verification…
Challenge is valid.
Generating 4096 bit RSA key for primary.linq.tech…
openssl genrsa 4096 > "/usr/local/directadmin/conf/cakey.pem.new"
Generating RSA private key, 4096 bit long modulus
…++
…++
e is 65537 (0x10001)
Size of certificate response is smaller than 500 characters, it means something went wrong. Printing response…
“detail”: “Error creating new cert :: policy forbids issuing for: “primary.linq.tech dns:mail.linq.tech dns:smtp.linq.tech””

Whoops.

In /usr/local/directadmin/conf/ca.san_config I changed the values in the [ SAN ]
from:
subjectAltName=DNS:primary.linq.tech DNS:mail.linq.tech DNS:smtp.linq.tech
to:
subjectAltName=DNS:primary.linq.tech, DNS:mail.linq.tech, DNS:smtp.linq.tech

I missed commas (,).

After this change it worked.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.