Problem with domain name


Hello everyone, i need a support

My domain is:,
I will try to create certificate, but i see error in log file /home/bitrix/dehydrated_update.log: Error-creating-new-authz-Policy-forbids-issuing-for-name


This is misleading - both domains are actually fine to use with Let’s Encrypt.

I would check a couple of things:

  1. Did you create the CSR for this certificate request by yourself? It’s possible that it was incorrectly generated, but it’s hard to know without seeing the full log file, and also seeing the exact commands you used with dehydrated.
  2. The error might be related to rate limits. One of your domains is presently maxed out on rate limits:
Rate Limit Current Status Domain
50 Certificates per Registered Domain per week OK (5 / 50 this week.)
5 Duplicate Certificates per week Limit exceeded. Next issuable at 2018-12-13T14:09:02.000Z

Summary generated at .


full dehydrated_update.log:

I will try to create from bitrixvm. He is got automatic certificate release. I just add domain, DNS, email


Here is the key line:

Processing with alternative names:

Your error message about “policy forbids issuing for name” refers to, which Let’s Encrypt refuses to issue certificates for, because it is a high-risk/valuable domain.

Your server is requesting certificates for and … and I guess you do not really control these domains. You should remove them from dehydrated’s configuration.


A record for Why he is asking DNS yandex servers?


Please show this file:
# INFO: Using main config file /home/bitrix/dehydrated/config



There are only 6 lines used in all that and none can explain why this is happening:
Processing with alternative names:
Are you on a “shared” system…?
Is there any other dehydrated file (or included file) that can explain it?


It might be in domains.txt:

# File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)

Even though it’s commented, I suspect it’s the default place to stick your domains.

Or there is the nuclear option:

grep -Ri yandex /home/bitrix/dehydrated


Yes, in domains.txt. Is that a problem?

grep -Ri yandex /home/bitrix/dehydrated



By including those lines, you are asking Dehydrated to create certificates for and

Remove those lines, and those domains will no longer be involved.


Thank you so much.
But now i see a new problem. I will try to create certificate for


As I mentioned in my very first response, you’re currently rate limited from creating too many duplicate certificates.

You won’t be able to make one for your .com domain for around 2 more days.

If you saved your existing certificates, you should just use them.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.