Failed to Create Due to 'rejectedIdentifier' Error


#1

Please fill out the fields below so we can help you better.

My domain is:
ec2-34-202-247-8.compute-1.amazonaws.com

I ran this command:
sudo certbot certonly --standalone --domain ec2-34-202-247-8.compute-1.amazonaws.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
An unexpected error occurred:
Error creating new authz
Please see the logfiles in /var/log/letsencrypt for more details.

Log file shows:

2017-05-02 16:50:10,569:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 400 106
2017-05-02 16:50:10,570:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Content-Type: application/problem+json
Content-Length: 106
Boulder-Request-Id: qJ_pR1E89hkvR8sqCY6tCNS2bd40uu3v_4dxFDEu8h0
Boulder-Requester: 13760513
Replay-Nonce: lD3i56fRWU1WQ7deB7HeaJbJVyoIZJRCyfikCd5WwQM
Expires: Tue, 02 May 2017 16:50:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 02 May 2017 16:50:10 GMT
Connection: close

{
  "type": "urn:acme:error:rejectedIdentifier",
  "detail": "Error creating new authz",
  "status": 400
}
2017-05-02 16:50:10,570:DEBUG:acme.client:Storing nonce: lD3i56fRWU1WQ7deB7HeaJbJVyoIZJRCyfikCd5WwQM
2017-05-02 16:50:10,571:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.12.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 896, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 692, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 92, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 294, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 265, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 67, in get_authorizations
    domain, self.account.regr.new_authzr_uri)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 228, in request_domain_challenges
    typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 208, in request_challenges
    new_authz)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 686, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 699, in _post_once
    return self._check_response(response, content_type=content_type)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 586, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:rejectedIdentifier :: Error creating new authz

My operating system is (include version):
Ubuntu 16.04

My web server is (include version):
None running right now.

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I have only come across one other posting with this exact error, and it was due to a blacklist. An engineer from Boulder responded and said he would be contacting him in a DM.

Any help would be appreciated!


#2

amazonaws.com subdomains (and similar domain names from other hosters) are blacklisted because they are ephemeral and reassigned to other users regularly. It would be too easy to mint certificates for most domains in that range in a short amount of time by simply spawning new instances for a while, making them rather useless as a means of preventing interception.

You’ll need to use a “real” domain name that you’ve purchased, or a subdomain of one you already own.
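
An added example, not part of the original posts and not certbot's or Boulder's own code: a pre-flight check that pulls the ACME problem document out of a certbot debug log like the one in the first post and tells a refused provider-assigned hostname apart from other refusals. The suffix tuple is an assumption holding only the `amazonaws.com` suffix named in this thread, and the function names are hypothetical.

```python
import json
import re

# Assumption: only amazonaws.com is named in this thread; extend the tuple
# with other provider-assigned suffixes you know the CA refuses.
EPHEMERAL_SUFFIXES = ("amazonaws.com",)

# Constructed sample, trimmed from the debug log quoted in the first post.
SAMPLE_LOG = """\
2017-05-02 16:50:10,570:DEBUG:acme.client:Received response:
HTTP 400
Content-Type: application/problem+json

{
  "type": "urn:acme:error:rejectedIdentifier",
  "detail": "Error creating new authz",
  "status": 400
}
2017-05-02 16:50:10,571:DEBUG:certbot.main:Exiting abnormally:
"""

def is_provider_assigned(hostname, suffixes=EPHEMERAL_SUFFIXES):
    """Match on whole DNS labels so 'notamazonaws.com' is not caught."""
    host = hostname.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)

def acme_problems(log_text):
    """Yield every ACME problem document (JSON object) found in the log."""
    decoder = json.JSONDecoder()
    for match in re.finditer(r"^\{", log_text, re.MULTILINE):
        try:
            obj, _ = decoder.raw_decode(log_text, match.start())
        except ValueError:  # a '{' that does not start valid JSON
            continue
        if isinstance(obj, dict) and str(obj.get("type", "")).startswith("urn:"):
            yield obj

def diagnose(hostname, log_text):
    """Return a hint for a rejectedIdentifier refusal, or None."""
    for problem in acme_problems(log_text):
        # Matches the urn:acme:error: form shown in the log on this page.
        if problem["type"].endswith(":rejectedIdentifier"):
            if is_provider_assigned(hostname):
                return "provider-assigned hostname refused; use a domain you control"
            return "identifier refused by CA policy"
    return None

if __name__ == "__main__":
    print(diagnose("ec2-34-202-247-8.compute-1.amazonaws.com", SAMPLE_LOG))
```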


#3

Ah, I see, that makes total sense.

Thanks so much!

