Policy forbids issuing for name -- stuck on this

I tried again and this time only asked to certify the domain names I own rather than the AWS server name, seemed to work fine. Sorry to trouble you, maybe someone can benefit from my issue though.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bennetgeis.com; landongeis.com

I ran this command: sudo ./certbot-auto --debug

It produced this output:
–2018-01-19 23:00:48-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)…, 2a04:4e42:2f::201
Connecting to dl.eff.org (dl.eff.org)||:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 61763 (60K) [application/octet-stream]
Saving to: ‘certbot-auto.3’

certbot-auto.3 100%[===================>] 60.32K --.-KB/s in 0.02s

2018-01-19 23:00:48 (2.61 MB/s) - ‘certbot-auto.3’ saved [61763/61763]

[ec2-user@ip-172-31-19-84 ~]$ chmod a+x certbot-auto
[ec2-user@ip-172-31-19-84 ~]$ sudo ./certbot-auto --debug
Upgrading certbot-auto 0.20.0 to 0.21.0…
Replacing certbot-auto…
Creating virtual environment…
Installing Python packages…
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: ec2-18-217-223-31.us-east-2.compute.amazonaws.com
2: www.ec2-18-217-223-31.us-east-2.compute.amazonaws.com
3: bennetgeis.com
4: www.bennetgeis.com
5: landongeis.com
6: www.landongeis.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main .py”, line 1240, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main .py”, line 994, in run
certname, lineage)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main .py”, line 118, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/clie nt.py”, line 357, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/clie nt.py”, line 318, in obtain_certificate
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth _handler.py”, line 66, in get_authorizations
self.authzr[domain] = self.acme.request_domain_challenges(domain)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client. py”, line 213, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client. py”, line 192, in request_challenges
response = self.net.post(self.directory.new_authz, new_authz)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client. py”, line 709, in post
return self._post_once(*args, **kwargs)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client. py”, line 722, in _post_once
return self._check_response(response, content_type=content_type)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client. py”, line 583, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:rejectedIdentifier :: Error creating new authz :: Policy f orbids issuing for name
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Linux Apache 2.4 (ec2-18-217-223-31.us-east-2.compute.amazonaws.com; elastic IP is

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I’d guess that the amazonaws.com names are being blocked by policy. Try selecting 3,4,5,6 to only request a certificate for your own domains.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.