"type": "urn:acme:error:malformed", "detail": "Error creating new cert :: policy forbids issuing for: \"pc_control\"", "status": 400

I just wanted to create a ssl certificate from a CSR but it shows me the above error. When creating one without CSR it works fine.
Here’s the config.cnf:

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = EU
ST = DE
L = U****
O = P*****
CN = pc_control

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @subject_alternate_names

[subject_alternate_names]
DNS.1 = a********.ddns.net

The common name should be one of the SAN DNS FQDN’s.

By the way, is there a reason you’re generating your own CSR? In stead of just getting a client to handle that sort of thing? Because Let’s Encrypt doesn’t sign the CSR directly. It will only pick the information it needs to generate a certificate and effectively will ignore everything else.

I’ve been trying to run my own web service for an alexa skill for the amazon echo dot, but I’m constantly running into various problems so I’m troubleshooting and trying to fix the issues. I’m pretty frustrated about it.

create valid csrs

there are various tools online to check them

the internet cannot resolve pc_control so there is not way for a public CA (LetsEncrypt) to resolve it

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.