Is my domain blacklisted?


#1

Hello,
I get this error in Direct Admin when generating a certificate for this domain:


If the domaine is blacklisted can you whitelist it ?
Kind regards


Domains seem to be blacklisted
#2

Hi,

That message means your domain is forbiddened to request certificate (might be an well-known corporation, or use the similiar domain name)
Please share us your domain name (or share with a group of let’s encrypt staff member…) and one of let’s encrypt member should get in touch with you…

@lestaff

Thank you


#3

Can you confirm that you’re seeing the same DNS settings? Do you have access to configure the Apache vhost yourself? I believe what’s happening here is an apache redirection to unconfigured (in DNS) hebergementdolcevia.fr defaulting to the domainedelamiral.com vhost which policy forbids issuance for.

$ dig @8.8.8.8 hebergementdolcevia.fr +short

$ dig @8.8.8.8 www.hebergementdolcevia.fr +short
46.17.1.156

$ dig @8.8.8.8 domainedelamiral.com +short
46.17.1.156

$ dig @8.8.8.8 www.domainedelamiral.com +short
46.17.1.156

$ curl -IL www.hebergementdolcevia.fr
HTTP/1.1 301 Moved Permanently
Date: Mon, 13 Aug 2018 14:44:27 GMT
Server: Apache/2
Location: http://hebergementdolcevia.fr/
Vary: User-Agent
Content-Type: text/html; charset=UTF-8

curl: (6) Could not resolve host: hebergementdolcevia.fr

#4

Hi @ramshorst, I was curious if you had time to check my previous response and run the commands. Let me know what you find out!


#6

Hi,

Each thread should only contain one issue (to avoid conflict)… Please open an new thread & we would happy to help.

@staff Can someone please move this to an new thread?

Thank you


#7

In this case there isn’t enough context in the post for it to be understood as a separate topic. You did the right thing by just asking the author to open a new topic themselves.

@ShaneP that post needs to include the domain name or it’s really hard for us to tell if it’s blocked or not. :wink:


#8

Thanks for looking into it :slight_smile:
Indeed I have the same results than you on the commands.
Yes I can change the Apache vhost myself. This is the part that concerns the domain in there right now:

<VirtualHost 46.17.1.156:80 >
	ServerName www.hebergementdolcevia.fr
	ServerAlias www.hebergementdolcevia.fr hebergementdolcevia.fr 
	ServerAdmin webmaster@hebergementdolcevia.fr
	DocumentRoot /home/system/domains/hebergementdolcevia.fr/public_html
	ScriptAlias /cgi-bin/ /home/system/domains/hebergementdolcevia.fr/public_html/cgi-bin/
	UseCanonicalName OFF
	<IfModule !mod_ruid2.c>
		SuexecUserGroup system system
	</IfModule>
	<IfModule mod_ruid2.c>
		RMode config
		RUidGid system system
		#RGroups apache access
		RGroups @none
	</IfModule>
	CustomLog /var/log/httpd/domains/hebergementdolcevia.fr.bytes bytes
	CustomLog /var/log/httpd/domains/hebergementdolcevia.fr.log combined
	ErrorLog /var/log/httpd/domains/hebergementdolcevia.fr.error.log
	<Directory /home/system/domains/hebergementdolcevia.fr/public_html>
		php_admin_flag engine ON
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f system@hebergementdolcevia.fr'
		php_admin_value mail.log /home/system/.php/php-mail.log
		php_admin_value open_basedir /home/system/:/tmp:/var/tmp:/usr/local/lib/php/:/usr/local/php72/lib/php/
	</Directory>
</VirtualHost>

#9

@ramshorst
Can you configure the DNS A record for hebergementdolcevia.fr and attempt issuance again?


#10

I believe I already had that? Is there something wrong with it?


#11

The “*” wildcard record doesn’t apply to the zone apex.

You need to add a second A record, probably with the name set to “@”.


#12

I have configured the DNS successfully yesterday.
I have tried issuing the SSL certificate again but got the same error.
Do I need to configure something in the Apache vhost file?


#13

Hi @ramshorst

it’s unclear, if this is a problem of Direct Admin. But your challenge is confirmed, so this isn’t a dns-configuration-problem.

So, as test:

Use one of the online clients

listed under “Browser”. Then test, if you can create a certificate (use one with CSR generation). If this works, then it must be a problem with your Direct Admin Configuration.

If it is a Letsencrypt-problem, then it should be blocked.


Domains seem to be blacklisted
#14

Certificate generation went fine online with one of the CSR services.
I will contact my hosting for the Direct Admin part :slight_smile:
Thank you!


#15

Thanks! So we know, it’s not a problem Letsencrypt + your domain.

Hope your hoster has a solution.


#16

@ramshorst I think you wanted to write here

My hosting provider thinks that my servers IP (46.17.1.156) could have reached it’s weekly limit of 20 requests.

Which limits?

Requests limit of 20 per second

or

Certificates per Registered Domain , (50 per week).

(It was 20 before)


#17

Certificates per Registered Domain indeed :slight_smile:


#19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.