Policy forbids issuing to my name

cookeh · May 7, 2017, 12:35am

I had an SSL certifice here for 6 months and then it expired. I waited a few months to get a new one (because I am lazy). I then created a brand new certificate, getting rid of the old one. I did do some searching on this topic, and a possible conclusion is my domain blacklisted? My site is a work in progress and switching providers/domain names isn’t something I want to do.

In case this is needed, www.cookeh.org is the domain (hosted on aws).

Thank you very much

Also, if it is a “phishing issue”, my site isn’t attempting to trick anyone, in fact there is no purpose for anyone to log in right now. I am simply focused on making a secure site.

ahaw021 · May 7, 2017, 2:27am

hi @cookeh

Can you also paste the error messages you are getting so we can confirm it is to do with issuing policy rather than another issue.

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Andrei

mnordhoff · May 7, 2017, 2:43am

Are you sure you’re experiencing an issue with cookeh.org?

There was a certificate issued for it barely a week ago:

https://crt.sh/?id=130339451

And it doesn’t appear to be blocked for me.

However, a lot of AWS hostnames (e.g. ec2-192-0-2-0.compute-1.amazonaws.com) are blocked. If you’re trying to get a certificate covering every name on your system, including the amazonaws.com one, that is likely to fail. But just cookeh.org on its own ought to be okay.

cookeh · May 9, 2017, 3:46am

Hey, you are right. I did produce a certificate but I kind of messed up since I forgot how to do them (since its been about 9 months since the last one was issued). I had to re-do the ssl on my EC2 instance. So I need to get new certificates since I don’t have the old ones anymore. Is there a waiting period for me to get a new one?

cookeh · May 9, 2017, 3:49am

My domain is: cookeh.org

I ran this command: I hit create ssl certificate on the website.

It produced this output: policy forbids issuing certificate to this name

My operating system is (include version): windows 10

My web server is (include version): linux

My hosting provider, if applicable, is: amazon web services

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no im using an EC2 instance

NOTE: I did request a certificate about a week ago. I messed up and need a new one. Is there a waiting period between certificates? Sorry for the late reply, just got done with exams

mnordhoff · May 9, 2017, 4:04am

Which website? What specifically was the input? Most importantly, what names?

Did it give a more detailed error message or other debug information?

Not really. There are rate limits. But you could issue five identical certificates in a second or two if you wanted to.

cookeh · May 9, 2017, 4:39am

I used: https://www.sslforfree.com
I just re-did the action without error. I don’t know what it was, but I guess its working now so never mind Thanks for the help!

system · June 8, 2017, 4:53am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.