I’ve found a couple of questions with the same name, and most of them ended with the LE team manually whitelisting the domains. So I have these questions:
If I get errors like acme: Error 400 - urn:acme:error:rejectedIdentifier - Policy forbids issuing for name - are there any ways to find out what the reasons behind it are?
Should this error be treated as permanent (i.e., it’s useless to just retry after some amount of time if we get such an error)?
Is it possible to whitelist at least the domain in the title (www.adp.co.il) for now?
Is there any automated way of dealing with such domains (cause I believe we would have a bunch of them)?
There's not much to know beyond what's in the error text in this case.
Yes - retrying won't help without manual intervention from Let's Encrypt staff & a deploy cycle.
I can start the process to adjust the policy for this name.
[quote="fxposter, post:1, topic:28863"]
Is there any automated way of dealing with such domains (cause I believe we would have a bunch of them)?
[/quote]
There isn't any automated way to deal with this. Apologies.
By the way, I think the reason this may originally have been blacklisted is the similarity with the ADP company in the U.S. https://en.wikipedia.org/wiki/Automatic_Data_Processing, which I believe is the biggest payroll services and employee benefits company.
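
As an added example (not code from the thread or from Let's Encrypt): since the staff reply says retrying a rejectedIdentifier error cannot succeed, a client issuing for many names can sort failures so that policy-blocked names leave the retry loop and are queued for a manual request instead. The function names, the sample batch, and the choice of which other error types count as transient are assumptions; the regex accepts both the `urn:acme:error:` prefix quoted above and the RFC 8555 `urn:ietf:params:acme:error:` prefix.

```python
import re

# Per the staff reply in this thread, rejectedIdentifier needs manual action
# by Let's Encrypt, so waiting and retrying cannot succeed.
PERMANENT = {"rejectedIdentifier"}
# Assumption: RFC 8555 error types this sketch treats as worth retrying later.
TRANSIENT = {"rateLimited", "serverInternal", "badNonce"}

# Matches client output shaped like the line quoted in the question:
#   acme: Error 400 - urn:acme:error:rejectedIdentifier - Policy forbids ...
ERROR_RE = re.compile(
    r"acme: Error (?P<status>\d{3}) - "
    r"urn:(?:ietf:params:)?acme:error:(?P<type>\w+) - (?P<detail>.*)"
)

def parse_acme_error(line):
    """Return status, type and detail from an error line, or None if no match."""
    m = ERROR_RE.search(line)
    if m is None:
        return None
    return {"status": int(m["status"]), "type": m["type"],
            "detail": m["detail"].strip()}

def classify(line):
    """Map an error line to 'permanent', 'retry' or 'review' (unrecognised)."""
    err = parse_acme_error(line)
    if err is None:
        return "review"
    if err["type"] in PERMANENT:
        return "permanent"
    return "retry" if err["type"] in TRANSIENT else "review"

def triage(results):
    """results maps domain -> error line, or None when issuance succeeded."""
    out = {"blocked": [], "retry": [], "review": []}
    for domain, line in results.items():
        if line is None:
            continue
        verdict = classify(line)
        out["blocked" if verdict == "permanent" else verdict].append(domain)
    return out

# Constructed sample batch; only the first error line comes from the thread.
SAMPLE = {
    "www.adp.co.il": "acme: Error 400 - urn:acme:error:rejectedIdentifier"
                     " - Policy forbids issuing for name",
    "shop.example.test": "acme: Error 429 - urn:ietf:params:acme:error:"
                         "rateLimited - too many requests",
    "ok.example.test": None,
}
```

Names in the `blocked` list are the ones to raise with Let's Encrypt staff; scheduling them for another attempt only repeats the same rejection.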