Not able to generate ECDSA end entity certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
https://vpxsslqualys.citrix.com

I ran this command:

It produced this output:
Certificate signature failed. If you supplied your own CSR make sure the domains on it match what you put on SSLForFree. If there is a rate limiting error at the end of this paragraph certificates per Domain is currently 5 per 7 days. Try asking Lets Encrypt to increase the limit or wait 7 days. Rate limits should increase in the near future. { “type”: “urn:ietf:params:acme:error:malformed”, “detail”: “Error finalizing order :: policy forbids issuing for: “vpxsslqualys.citrix.com;mpxsslqualys.citrix.com””, “status”: 400 }


#2

Hello @sajualways,

The root cause of your trouble is this policy error: It looks like you combined two domain names into one in the CSR separated by a semi-colon: vpxsslqualys.citrix.com;mpxsslqualys.citrix.com

That’s not a valid domain name and so the CA is rejecting your CSR.

Can you verify that you’re specifying your domain names to the tool generating your CSR correctly? Maybe it expected the domains to be separated a different way in the input.

Thanks!


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.