My domain was rejected by Let's Encrypt on Heroku

My domain is: www.letstalkshots.com

I ran this command: Attempted to add a certificate automatically while using Heroku

It produced this output: "Domain considered unsafe"

My web server is (include version): gunicorn 20.1.0 on Heroku

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS

My hosting provider, if applicable, is: Heroku

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, Heroku

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Not using Certbot, though attempting to get a certification through certbot works. We're trying to find out why the automated process failed and Heroku said to contact Let's Encrypt.

Hello @zjones, welcome to the Let's Encrypt community. :slightly_smiling_face:
Here is a list of issued certificates for www.letstalkshots.com on crt.sh, the latest being 2022-10-28.

Site looks fine from Firefox

And the certificate that is being served seems fine.

1 Like

Hello! We manually generated a certificate with Let's Encrypt after the automated process on Heroku failed, but we're trying to avoid having to generate a new one manually every time it expires.

Heroku sent the following when we reached out to them:

Unfortunately, there isn't much that we (Heroku) can do about this directly as we build ACM on top of Let's Encrypt who manages the SSL certification for the domains. If your DNS settings are correct (per our docs) and you're stuck in an ACM status and heroku certs:auto:refresh doesn't resolve the issue, you're probably being rate-limited by Let's Encrypt. I would contact Let's Encrypt directly to see if they can provide any insight on why the domain's cert generation failed, or perhaps they'll have a workaround for you. As always, we'll be standing by in case we can be of further help as well.

Unclear exactly why it failed, given the manual cert worked fine, but trying to figure out how to resolve it.

"Domain considered unsafe" isn't an error message that our API ever returns. It would be helpful to find out which error code or message of ours Heroku is encountering.

7 Likes

I agree with James, we'd need more debug logging to actually find out what's happening here.

It's kinda "easy" of Heroku to just pin the issue on Let's Encrypt while it's not yet clear where the problem even lies.

3 Likes

Yeah, not loving their response. I'll try the process again and see what happens, and see if they can dig into the details a little more to figure out what's going on.

1 Like