Hi!
Request the exclusion of my domain from the SSL certificate issuance blacklist.
It’s a popular site, and it’s not blacklisted in Google.
How can I check why it’s blacklisted? I will not post the domain name publicly for privacy reasons.
Hi @mayu,
The error message from the certificate authority should probably indicate more about the reason, although the most general case is "policy forbids issuing for name", in which case you can't really get any more information directly through the ACME protocol.
Some possibilities include
If you're confident that the name is blacklisted in error, you can contact security@letsencrypt.org and describe your situation. Note that this won't help in the 2nd, 3rd, and 6th cases I mentioned above.
If you're not sure, you could find out whether this could be the case by seeing if you fall into any of these categories
https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx
Your answer is very easy to understand. Thank you very much, schoen.
I have additional questions.
Can anyone make inquiries to the certificate authority (security@letsencrypt.org)?
For example, is there any restriction that I can only do with a certified lawyer?
There’s some further detail on what would be required in this post: The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
thanks _az!
my domain’s not ACME
That's good advice for some cases, but that might not be required depending on the exact reason for the blacklist. In particular, I think those were the recommended steps when the name you want to issue for is deliberately on the blacklist because Let's Encrypt thinks the domain owner wants it to be (like visa.com or google.com). In other situations, it might be possible to get removed in another way.
I think for my example reasons above, I would probably suggest:
1. Mention just the top-level domain here on the forum, in order to bring it to Let's Encrypt staff's attention.
2. You'd need to use a different name or a non-publicly trusted CA.
3. You'd need to use a different CA.
4. Ask the security address about your particular situation.
5. Ask your organization's leadership or management to make the request for you.
6. You would probably need to use another CA, unless the hosting provider itself wants to reopen this issue with Let's Encrypt.
(I'm happy to accept corrections from Let's Encrypt staff about this!)
ACME is the name of the technology used by Let's Encrypt client applications to talk to the Let's Encrypt certificate authority. Everyone using Let's Encrypt is always using the ACME technology to request the issuance of the certificates; it's not a property of your particular domain.
Then there’s also a possibility that you just went against the rate limits and just need to wait.
Is the number 429 anywhere in your error message?
Or the words “excessive” or “abusive”?