DNSSEC extension: Cannot Sign the DNS zone: Stderr:dnssec-keygen: fatal: unknown algorithm EC/AP256SHA256
Website copying fails over FTP: ftp_filemng: error: cURL upload failed: Failed FTP upload
Unable to obtain data on keyword using SEO Toolkit extension: Sorry, an error occurred in the API request
Unable to scan WP instances: Unable to process "./.cagefs/opt/alt/php55/var": No such file or directory
Let's Encrypt certificate could not be issued: CSR could not be generated: error:0E06D06C:configuration file routines:NCONF_get_string:no value
LDAP auth not working on Plesk for windows: LDAP local: No Memory
Git can execute additional deployment actions outside home dir
Сannot enable Domain Traffic Monitor: Failed to start worker: os: process already finished
Fail2Ban and Modsecurity cannot be activated over Plesk Advisor: ERROR No file(s) found for glob /var/log/modsec_audit.log
URL of WordPress instance installed on subdomain in Plesk is not changed after renaming main domain

See more

Unable to obtain a Let's Encrypt certificate: Error creating new authz :: Policy forbids issuing for name

Updated September 09, 2019 06:06

Applicable to:

Plesk for Linux
Plesk for Windows

Symptoms

The following error is shown while trying to obtain a certificate for domain:

PLESK_ERROR: Failed to secure panel: Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-authz:
Error creating new authz :: Policy forbids issuing for name.

OR

PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for exactblacklist.letsencrypt.org
Perhaps this domain is at risk group and is blacklisted on the Let's Encrypt side.
Invalid response from http://example.com/acme/newauthz.
Details:
Type: urn:acme:error:rejectedIdentifier
Status: 400
Detail: Error creating new authz :: Policy forbids issuing for name
The same error can occur in an attempt to secure Plesk.

Cause

A domain name or hostname is blacklisted.

Let's Encrypt policy does not allow to issue a certificate for such domain name or hostname.

Resolution

For domain

If the domain name is blacklisted, e.g. *.cloudapp.net or *.amazonaws.com, then Let's Encrypt fails to issue a certificate.

Change the domain name to another one:

Log in to Plesk.
Go to Plesk > Domains > Hosting Settings.
Change the Domain name to another one and press the OK button to apply changes.

For Plesk

During the securing Plesk using steps from this article:

How to secure Plesk login page URL with SSL certificate?

Plesk is tried to be secured by using server hostname by default.

If the hostname is blacklisted, e.g. *.cloudapp.net or *.amazonaws.com, then Let's Encrypt fails to issue a certificate.

Specify another domain name that will be used for accessing Plesk.

Additional information

Policy forbids issuing for name on Amazon EC2 domain.
Error creating new authz :: Policy forbids issuing for name - Azure.
Azure support (cloudapp.net).
Contact Let's Encrypt community if it is required to receive additional information.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request