Receiving 'Policy forbids issuing for name' When Creating a Cert



I’m attempting to create a certificate in HAProxy for a domain ending in:, this is our owned domain. I am using the guide found at When I attempt to create a cert, I receive the following error message:

An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Policy forbids issuing for name
Please see the logfiles in /var/log/letsencrypt for more details.

Am I out of luck with creating a free certificate for our domain using Let’s Encrypt? Or am I simply missing a step? Thanks for any help.


I would imagine that all subdomains in would be blacklisted (to avoid impersonating). I might be wrong though :slight_smile:

Also from * site I would expect an OV/EV certificate :relaxed:


Also, you say this is “our owned domain” but so far as I can tell Microsoft does not publish DNS records for this entire sub-domain tree. Public CAs are not permitted to issue for names unless they’re on the public Internet.

So even if there wasn’t a policy restriction for this name, you probably wouldn’t be able to validate your control over it, and thus wouldn’t be able to receive a certificate, whether from Let’s Encrypt or any other CA.


Microsoft owns that domain. You’re just borrowing it or being assigned it. You need to get your own domain which you control.

A Let’s Encrypt official response regarding domains on Amazon’s infrastructure being blacklisted is in this thread: Policy forbids issuing for name on Amazon EC2 domain

A relevant quote that probably applies to this Microsoft issue:


That’s what I was afraid of. Thanks for everyone’s comments. It looks like LE won’t work for our needs, at least until we move to a new domain.


