Large integrators and issuing policies


#1

Hey there,

We’re running into a fairly awkward issue. We have a series of companies as clients whose domains are on the Let’s Encrypt blacklist as far as issuing certificates against their hostnames goes, and every order we put in for their domains comes back with the error ‘Policy forbids issuing for name’.

This puts us in the position of not being able to issue a legitimate certificate, which they requested, through the Let’s Encrypt platform.

Is there any way of getting our account verified or whitelisted such that the blacklist is no longer enforced?

How are other large integrators getting around this?


#2

Hi @andrei,

I guess many large integrators don’t have that many name-blacklisted customers; maybe you’re providing higher-end services than other integrators do.

If the company’s domain was deliberately blacklisted as a precaution against misissuance concerns and the company consents to have Let’s Encrypt issue certificates, the blacklist can be altered. To discuss this you should write to security at letsencrypt.org. It has been done quite a few times before and shouldn’t be too difficult, although it may require the company to confirm the request.

Thanks!

Edit: I don’t think that there’s a way to have an account exempted from the blacklist entirely; instead, each affected domain owner may need to confirm that it doesn’t want you to be prevented from obtaining certificates for its domain.


#3

That’s correct.

+1 - Please reach out and we can figure out the best way forward based on the situation.


#4

Awesome! I’ll reach out to that email.

Thank you so much for the assistance to both of you


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.