I agree to you, @tialaramex and I like your suggestion. It also took me some time to figure out, what to do next and I was not sure if I made a mistake. After some searching I found this forum category and got some very helpful information from @cpu.
From my point of view it would have been helpful to get a hint how to deal with this issue (this is most important) and if possible some background information.
Policy forbids issuing for your.requested.dns.domain.example
The baseline requirements that we have to meet as a CA wishing to be included in various browser root programs mandates that we maintain a list of “high value domains” that we won’t issue for without explicit action.
To get help have a look at the forums and create a new topic in the “Issuance Policy” category: https://community.letsencrypt.org/c/issuance-policy
I do not know if there are other reasons which may result in the “Policy forbids issuing for name” error.
Probably the previous Error message might be a bit long for the logfile - so a better way could be to append a link to the message like:
Policy forbids issuing for your.requested.dns.domain.example see https://letsencrypt.org/docs/issuance-policy for details
So my suggestion would be to add a link to a documentation website with the benefit of easier maintenance (changes can be made to the website without releasing and deploying new software) and keeping messages in logfiles clear.