Policy forbids issuing name for AWS?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ec2-52-15-234-102.us-east-2.compute.amazonaws.com

I ran this command: sudo ./letsencrypt-auto certonly --standalone --email geoffrey.russell@gmail.com -d ec2-52-15-234-102.us-east-2.compute.amazonaws.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:
Error creating new order :: Policy forbids issuing for name
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): apache2 2.4.29-1ubuntu4.6

The operating system my web server runs on is (include version): Ubuntu 18.04.1 LTS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.23.0

compute.amazonaws.com domains are intentionally blacklisted. They are often ephemeral and Let’s Encrypt doesn’t want users issuing certificates for them.

If you don’t want to buy a domain name, there are other options, like freenom.com and afraid.org.


I’m a little new to this, so here’s what I think you are saying … can you please confirm (or not)?

If I want to use an AWS server, then I need to register some other domain name NNN and use DNS to point it at the IP (Elastic IP) of the AWS server, then the SSL license that letsencrypt generates will be fine as long as people visit the site using https://NNN/

Is that right?

Hi @GeoffRussell

Yes, that’s the normal setup. One IP address, some domains with some webservers and vHosts.

And certificates per vHost.
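
A pre-flight check for the setup confirmed above, as an added example that is not part of the thread: it refuses EC2 public names before any order is created and checks that your own domain's A record matches the Elastic IP. `www.example.com` is a placeholder domain, the function names are hypothetical, and the live lookup assumes glibc's `getent` (as on Ubuntu).

```shell
#!/bin/sh
# Added example: pre-flight check to run before certbot. Not from the thread.

# True if NAME is an EC2 public DNS name (the names the reply says are refused).
is_ec2_public_name() {
    ec2_n=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    ec2_n=${ec2_n%.}                      # tolerate a trailing root dot
    case "$ec2_n" in
        *.compute.amazonaws.com) return 0 ;;
        *) return 1 ;;
    esac
}

# EC2 public names embed the instance's public IPv4 address in the first label:
# ec2-52-15-234-102.<region>... -> 52.15.234.102. Prints nothing if no match.
ec2_name_to_ip() {
    printf '%s\n' "${1%%.*}" | sed -n \
        's/^ec2-\([0-9]\{1,3\}\)-\([0-9]\{1,3\}\)-\([0-9]\{1,3\}\)-\([0-9]\{1,3\}\)$/\1.\2.\3.\4/p'
}

# preflight NAME EXPECTED_IP [A_RECORDS]
# Returns 0 if NAME is safe to request, 1 if it is an EC2 name, 2 if DNS
# does not point at EXPECTED_IP. A_RECORDS (space separated) may be passed in
# for offline use; otherwise they are looked up with glibc's getent.
preflight() {
    pf_name=$1 pf_want=$2
    if is_ec2_public_name "$pf_name"; then
        echo "REFUSE: $pf_name is an EC2 public name; point an A record for" \
             "your own domain at $(ec2_name_to_ip "$pf_name") instead"
        return 1
    fi
    if [ $# -ge 3 ]; then
        pf_got=$3
    else
        pf_got=$(getent ahostsv4 "$pf_name" | awk '{print $1}' | sort -u)
    fi
    for pf_ip in $pf_got; do
        if [ "$pf_ip" = "$pf_want" ]; then
            echo "OK: $pf_name resolves to $pf_want"
            return 0
        fi
    done
    echo "REFUSE: $pf_name does not resolve to $pf_want"
    return 2
}
```

Calling `preflight www.example.com 52.15.234.102` with no third argument performs a live lookup; a return code of 2 usually means the A record has not been created or has not propagated yet.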
