Large integrators and issuing policies

Hey there,

We’re running into a fairly awkward issue. We have a series of companies as clients whose domains are on the Let’s Encrypt blacklist as far as issuing certificates against their hostnames goes, and every order we put in for their domains comes back with the error ‘Policy forbids issuing for name’.

This puts us in the position of not being able to issue a legitimate certificate, which they requested, through the Let’s Encrypt platform.

Is there any way of getting our account verified or whitelisted such that the blacklist is no longer enforced?

How are other large integrators getting around this?

1 Like

Hi @andrei,

I guess many large integrators don’t have that many name-blacklisted customers; maybe you’re providing higher-end services than other integrators do.

If the company’s domain was deliberately blacklisted as a precaution against misissuance concerns and the company consents to have Let’s Encrypt issue certificates, the blacklist can be altered. To discuss this you should write to security at It has been done quite a few times before and shouldn’t be too difficult, although it may require the company to confirm the request.


Edit: I don’t think that there’s a way to have an account exempted from the blacklist entirely; instead, each affected domain owner may need to confirm that it doesn’t want you to be prevented from obtaining certificates for its domain.


That's correct.

+1 - Please reach out and we can figure out the best way forward based on the situation.

1 Like

Awesome! I’ll reach out to that email.

Thank you so much for the assistance to both of you

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.