Name is blacklisted


#1

Hi!

Have a problem issuing a cetrificate for domain(it’s not a popular site, it’s not blacklisted in google - safe browsing lookup give me “No available data”.

It’s not a DDNS domain. How can I check why it’s blacklisted. Will not post publicly domain name for privacy reasons.


#2

Please note that all certificates LE issues are submitted to Certificate transparency, which is a public log. So if you plan to use LE your domain will appear in a public log.


#3

Doesn’t matter. There won’t be my name in that log for example.


#4

I’m just saying keeping the troubling domain secret is not really possible if you intend to obtain a certificate for via LE. Meanwhile it just makes diagnosing your issue impossible.


#5

I don’t think so. You can tell me what diagnosing procedure you will do by yourself, and I will try it myself.
I checked Alexa Top 1000, I checked Google Safe Browsing. Any other suggestions?


#6

You could post the exact log here and obfuscate your domain by changing it to “example.com”. That could help a little bit perhaps.


#7

Given the supposed error message no available data doesn’t exist in boulder’s source, I’d ask you for the real and full error message first and then base the further diagnosis on that.


#8

I don’t suspect the logs will help in this case … the blacklist is to protect against mis-issuance for high-risk domains (those which are more likely to be maliciously targeted for mis-issuance).

I suspect that you need to go through a few extra hoops to confirm that you are the legitimate owner. If you are then the ‘blacklist’ is there to protect you.


#9

No wonder you can’t find that, because he’s refering to a ‘Google safe browsing lookup’ :wink:


#10

http://pastebin.com/H8CrT1t9
full error log


#11

Well, that’s rather unambiguous. I’m not sure what the right way to inquiry about it is, so you have to wait until one of the staffs sees this thread and clarifies that.


#12

As far as I can tell/track back in the code, the blacklist is maintained in a SQL database: policy-authority-data.go.

No clue how it’s filled though.


#13

@padluka: As someone pointed out, we have a list of high-risk domains for which we refuse to issue certificates. If you feel that your domain is not high-risk, you can request that it be removed.

I’d also like to repeat what others have said: When you issue a certificate from Let’s Encrypt, it will be disclosed publicly. Make sure to double-check the Privacy Policy to make sure you are okay with that disclosure.

Thanks,
Jacob


#14

@jsha: how can I request it?

I don’t see any problem publishing domain name. I don’t want to associate it with my name, that’s all