I’m only getting an error when I try to issue a certificate for compras.adp.com.pe
This is the error appeared on console:
An unexpected error occurred:
Policy forbids issuing for name
Please see the logfiles in /var/log/letsencrypt for more details.
This is the command used
# certbot certonly --webroot -w /var/www/adp/public -d compras.adp.com.pe
And finally this is the log registered:
2017-02-07 09:19:04,373:DEBUG:certbot.main:Root logging level set at 30
2017-02-07 09:19:04,373:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-02-07 09:19:04,373:DEBUG:certbot.main:certbot version: 0.8.1
2017-02-07 09:19:04,374:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/adp/public', '-d', 'compras.adp.com.pe']
2017-02-07 09:19:04,374:DEBUG:certbot.main:Discovered plugins:
PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-02-07 09:19:04,380:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-02-07 09:19:04,381:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x1ea5950>
Prep: True
2017-02-07 09:19:04,381:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x1ea5950> and installer None
2017-02-07 09:19:06,430:DEBUG:certbot.main:Picked account <Account({banned account id})>
2017-02-07 09:19:06,437:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-02-07 09:19:06,447:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-02-07 09:19:06,727:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 352
2017-02-07 09:19:06,727:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 352
2017-02-07 09:19:06,728:DEBUG:root:Received <Response [200]>. Headers: {'content-length': '352', 'strict-transport-security': 'max-age=604800', 'boulder-request-id': 'YOVT3_kQ_-1smo_W_x0g0ddWD0yd-Uu7FTqXtaHoKpA', 'expires': 'Tue, 07 Feb 2017 09:19:06 GMT', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Tue, 07 Feb 2017 09:19:06 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'replay-nonce': '72GeQSUzAu_iXjm_5oaMt6txL0f-bIu3alvKcbNjG7M'}. Content: '{\n "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2017-02-07 09:19:06,728:DEBUG:acme.client:Received response <Response [200]> (headers: {'content-length': '352', 'strict-transport-security': 'max-age=604800', 'boulder-request-id': 'YOVT3_kQ_-1smo_W_x0g0ddWD0yd-Uu7FTqXtaHoKpA', 'expires': 'Tue, 07 Feb 2017 09:19:06 GMT', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Tue, 07 Feb 2017 09:19:06 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'replay-nonce': '72GeQSUzAu_iXjm_5oaMt6txL0f-bIu3alvKcbNjG7M'}): '{\n "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2017-02-07 09:19:06,761:DEBUG:root:Requesting fresh nonce
2017-02-07 09:19:06,761:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2017-02-07 09:19:06,952:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2017-02-07 09:19:06,953:DEBUG:root:Received <Response [405]>. Headers: {'content-length': '91', 'allow': 'POST', 'boulder-request-id': '6WkoxKr8toLeiyWPyEYXqCPX-JmHBZR_VCrccK0dtIc', 'expires': 'Tue, 07 Feb 2017 09:19:06 GMT', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Tue, 07 Feb 2017 09:19:06 GMT', 'content-type': 'application/problem+json', 'replay-nonce': 'EqQSQwtjw1GRydfVX-m8edQU6N7OCXCuxD-UAwWrnQg'}. Content: ''
2017-02-07 09:19:06,953:DEBUG:acme.client:Storing nonce: '\x12\xa4\x12C\x0bc\xc3Q\x91\xc9\xd7\xd5_\xe9\xbcy\xd4\x14\xe8\xde\xce\tp\xae\xc4?\x94\x03\x05\xab\x9d\x08'
2017-02-07 09:19:06,954:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, combinations=None, status=None
2017-02-07 09:19:06,954:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "compras.adp.com.pe"}, "resource": "new-authz"}
2017-02-07 09:19:06,955:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jwk=None, x5u=None, kid=None, alg=None, cty=None, x5tS256=None, jku=None, x5t=None
2017-02-07 09:19:07,011:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), nonce=None, x5u=None, typ=None, kid=None, cty=None, x5tS256=None, jku=None, x5t=None
2017-02-07 09:19:07,011:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), nonce=None, x5u=None, typ=None, kid=None, cty=None, x5tS256=None, jku=None, x5t=None
2017-02-07 09:19:07,012:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wKr-UQ1PgE3n3lIyRzDvFIbyHifl0Tm26RM-SMXNVo_jbzx6n5xWMJxJuuzRb9PPQ5c3nMEbuEVeomRSK0MOGekAS12UfKekU4XSxS9ys8kWZvFfES93MsgSVMO-tObs0MTId5MmfbCRMTbKoWXvNSTOxZhpubrKaHT4xJHw3IfTVzHAvkNFbCwLDRS1lcxoXSzu2E3Ua_S2dPYq5WmjlnTb-_WtuFa0K5-5RWWRq3iQAJM1Jz5QkDMFi4QWoyJpQ9xtAfzceSZvCeZFyzRworM1zLSVk-5y7IudrZCpjFHh7lLuOx2RhqAghP_sqkuoQoW029HLi1V276G3efG1Mw"}}, "protected": "{****BANNED BY POST AUTHOR****}", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJjb21wcmFzLmFkcC5jb20ucGUifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "rNIQZyBsN58JblFV8Cx407dSLJod73L_XGwpCA7HjxVTLOo5VVtXSAVfM7VM07B2ntYLBR_ukxWLuLJKPEJk4B-T2j24ZSl-s5RsO9HW_LmUSNhfhM1sFVAXY_96j0VAhS1vzYn6GK_wHWigRpEkzWiiphMiiuNUywMEayVqgv3LFz8YVuZQ_J-Iho_uOWLirC47yNPy01EaLtZsunPHPq6d55svRXlxDnAjU5d1WdHx7s6VC2MYyNUD65n9pzu5WV6pOHxgwG3enUaMg4iEcx91okJJN12YUdTnfUXiisWgH0YbRV2OeaJ8EBptapwS5aJm64EmmGEx4hG8jgbFPg"}'}
2017-02-07 09:19:07,213:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 400 113
2017-02-07 09:19:07,215:DEBUG:root:Received <Response [400]>. Headers: {'content-length': '113', 'boulder-request-id': 'EfdWX0n9MHQF1l6aTTMKPIUOLCATtmH72aa2nUaLknA', 'boulder-requester': '5346297', 'expires': 'Tue, 07 Feb 2017 09:19:07 GMT', 'server': 'nginx', 'connection': 'close', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Tue, 07 Feb 2017 09:19:07 GMT', 'content-type': 'application/problem+json', 'replay-nonce': 'Pcm1wFT-EQ4Yeeu3XHJQDiucIITa4yrYeep5hK9-PtI'}. Content: '{\n "type": "urn:acme:error:rejectedIdentifier",\n "detail": "Policy forbids issuing for name",\n "status": 400\n}'
2017-02-07 09:19:07,216:DEBUG:acme.client:Storing nonce: '=\xc9\xb5\xc0T\xfe\x11\x0e\x18y\xeb\xb7\\rP\x0e+\x9c \x84\xda\xe3*\xd8y\xeay\x84\xaf~>\xd2'
2017-02-07 09:19:07,216:DEBUG:acme.client:Received response <Response [400]> (headers: {'content-length': '113', 'boulder-request-id': 'EfdWX0n9MHQF1l6aTTMKPIUOLCATtmH72aa2nUaLknA', 'boulder-requester': '5346297', 'expires': 'Tue, 07 Feb 2017 09:19:07 GMT', 'server': 'nginx', 'connection': 'close', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Tue, 07 Feb 2017 09:19:07 GMT', 'content-type': 'application/problem+json', 'replay-nonce': 'Pcm1wFT-EQ4Yeeu3XHJQDiucIITa4yrYeep5hK9-PtI'}): '{\n "type": "urn:acme:error:rejectedIdentifier",\n "detail": "Policy forbids issuing for name",\n "status": 400\n}'
2017-02-07 09:19:07,218:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.8.1', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 744, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 555, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 94, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 276, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 247, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 64, in get_authorizations
domain, self.account.regr.new_authzr_uri)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 217, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 197, in request_challenges
new_authz)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 656, in post
return self._check_response(response, content_type=content_type)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 572, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:rejectedIdentifier :: Policy forbids issuing for name
As far as I can see, certbot is getting an error response with following content:
{
"type": "urn:acme:error:rejectedIdentifier",
"detail": "Policy forbids issuing for name",
"status": 400
}
Thanks a lot for your dedication