Third-party CNAME on LetsEncrypt blacklist?

seb-azavista · March 27, 2019, 1:58pm

For confidentiality reasons I’m unable to mention the company’s name in an open forum.

Essentially, the situation is this:

We are a vendor for a large company. The primary function we serve for this company is public-facing, under a domain (provided to us as a CNAME to one of our domains). As part of our ongoing transition to LetsEncrypt for all of our encryption needs, we attempted to create a cert using cert-manager for this domain. This failed with the following error:

acme: urn:ietf:params:acme:error:rejectedIdentifier: Error creating new order :: Policy forbids issuing for name

If I’m not mistaken, this means that this domain is considered at high risk of phishing and general malfeasance, so all requests are blocked - including, it seems, legitimate ones.

What can we do to address this?

stevenzhu · March 27, 2019, 2:10pm

Hi,

You could contact @lestaff to resolve this issue.
I'm not exactly sure how it works, but you would at least prove ownership and permission to issue certificate with such domain to Let's Encrypt to allow your account to issue certificate for this domain.

Thank you

cpu · March 27, 2019, 2:39pm

Hi @seb-azavista

I will DM you. I'll need to know the domain name in question in order to advise you on next steps.

system · April 26, 2019, 2:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.