Policy forbids issuing for name: www.adp.co.il



I’ve found a couple of questions with the same name and most of them ended with manually whitelisting the domains by LE team. And so, I have these questions:

  1. If I get errors like acme: Error 400 - urn:acme:error:rejectedIdentifier - Policy forbids issuing for name - are there any ways to find out what are the reasons behind it?
  2. Is this error should be treated as permanent (ie: it’s useless to just retry in some amount of time if we get such error)?
  3. Is it possible to whitelist at least the domain in title (www.adp.co.il) for now?
  4. Is there any automated way of dealing with such domains (cause I believe we would have a bunch of them)?



Hi @fxposter,

There’s not much to know beyond what’s in the error text in this case.

Yes - retrying won’t help without manual intervention from Let’s Encrypt staff & a deploy cycle.

I can start the process to adjust the policy for this name.[quote=“fxposter, post:1, topic:28863”]
Is there any automated way of dealing with such domains (cause I believe we would have a bunch of them)?

There isn’t any automated way to deal with this. Apologies.



Are there any list of such policies anywhere?

Please, do. Thanks!

Would it be possible if we gather all domains that give such errors to us and post it here, so that you can bulk-whitelist them?


Unfortunately the list of domains isn’t publicly available.

Yes, that would be great. I’ll have to verify each independently and submit policy adjustments.


Thank you. Will get back later this week.


By the way, I think the reason this may originally have been blacklisted is the similarity with the ADP company in the U.S. https://en.wikipedia.org/wiki/Automatic_Data_Processing, which I believe is the biggest payroll services and employee benefits company.


Hi again @fxposter,

You should be able to issue for adp.co.il domains now. Please let me know if you’re still encountering a policy error.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.