For confidentiality reasons I’m unable to mention the company’s name in an open forum.
Essentially, the situation is this:
We are a vendor for a large company. The primary function we serve for this company is public-facing, under a domain (provided to us as a CNAME to one of our domains). As part of our ongoing transition to LetsEncrypt for all of our encryption needs, we attempted to create a cert using cert-manager for this domain. This failed with the following error:
acme: urn:ietf:params:acme:error:rejectedIdentifier: Error creating new order :: Policy forbids issuing for name
If I’m not mistaken, this means that this domain is considered at high risk of phishing and general malfeasance, so all requests are blocked - including, it seems, legitimate ones.
What can we do to address this?