Policy Forbids Issuing For My Domain

Please fill out the fields below so we can help you better.

My domain is: skyhawks.com.au

I ran this command: zerossl.com

It produced this output: forbids issuing

My operating system is (include version): Win Svr 16

My web server is (include version): IIS

My hosting provider, if applicable, is: privately

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, ISS 10

I think it is very likely to the fact that I’ve been toying around with SSL on my server all day and generating certificates wondering why they wouldn’t import etc. I think my domain has been blacklisted as a result… :confused: any help ?

Could you include the full error message you got? Judging by crt.sh, you shouldn’t be running into any rate-limiting issues yet (it’s not a real-time view though), plus the error message isn’t consistent with that, so it’s hard to say more without all the details.

Any chance there are additional (sub)domains in your CSR to which Let’s Encrypt could be referring to with the error?

Error information: Error creating new cert :: policy forbids issuing for: “skyhawks australia”.

Could be using:


I’ve been hitting it fairly hard today, this is a learning expedition on my behalf to be fair.

This probably means you’re actually requesting a certificate for the (invalid) hostname “skyhawks australia” (written exactly like that). I’d review how you’re generating CSR to figure out why that domain is on it.

1 Like


IIS has been a pain in the back side all day.

If you are using a CSR generated elsewhere, rather than letting your browser to generate one on ZeroSSL, then the domains list will be loaded from that CSR. By the look of the error message shown, in this case the names do not appear to be correct domain names indeed.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.