[FIXED BUG] mod_rewrite stopped working. All pages on WordPress sites show 404
How to manage Plesk extensions (install, disable, remove, update)
Mail stuck in queue when Plesk Email Security installed on SELinux enforced server
Cannot change Node.js application root in Plesk: Class 'CommonPanel_Validate_FileSharing_FolderName' not found
RapidSSL and GeoTrust paid SSL certificates provided by SSL It! extension are not supporting www and SAN
Unable to update Wordpress: WordPress version requires PHP version 5.6.20 or newer
Amavis is not installed/removed along with Plesk Email Security
Server with Plesk Email Security no longer sends/receives emails: [127.0.0.1]:10024: Connection refused
Unable to access SSL/TLS Certificates for a domain: Argument 3 passed to BaseComponentChecker::getCertificateStatus() must be an instance of PleskExt\SslIt\Certificate
Unable to access the SSL/TLS certificate page: Reduce of empty array with no initial value

See more

Cannot issue Let's Encrypt certificate in Plesk: Error creating new authz :: Policy forbids issuing for name

Updated November 03, 2020 20:23

Plesk for Windows Plesk for Linux DoNotDelete:docref kb: technical ext: le ABT: Group B

Applicable to:

Plesk for Linux
Plesk for Windows

Symptoms

The following error is shown while trying to obtain a certificate for domain:

PLESK_ERROR: Failed to secure panel: Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-authz:
Error creating new authz :: Policy forbids issuing for name.

PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for exactblacklist.letsencrypt.org
Perhaps this domain is at risk group and is blacklisted on the Let's Encrypt side.
Invalid response from http://example.com/acme/newauthz.
Details:
Type: urn:acme:error:rejectedIdentifier
Status: 400
Detail: Error creating new authz :: Policy forbids issuing for name
The same error can occur in an attempt to secure Plesk.

Cause

A domain name or hostname is blacklisted.

Let's Encrypt policy does not allow issuing a certificate for such domain name or hostname.

Resolution

For domain

If the domain name is blacklisted, e.g. *.cloudapp.net or *.amazonaws.com, then Let's Encrypt fails to issue a certificate.

Change the domain name to another one:

Log in to Plesk.
Go to Domains > Hosting Settings.
Change the Domain name to another one and press the OK button to apply changes.

For Plesk

During the securing Plesk using steps from this article:

How to secure Plesk login page URL with SSL certificate?

Plesk is tried to be secured by using server hostname by default.

If the hostname is blacklisted, e.g. *.cloudapp.net or *.amazonaws.com, then Let's Encrypt fails to issue a certificate.

Specify another domain name that will be used for accessing Plesk

Comments

4 comments

Jordan Dayton August 26, 2020 16:26

Is there any way to find out WHY a domain is blacklisted?

0

Comment actions Permalink
Ivan Postnikov September 01, 2020 11:00

Hello Jordan Dayton

To clarify this I can suggest contacting Let's Encrypt.

0

Comment actions Permalink
Hüppe Keith September 23, 2020 07:57

I get this error on Amazon light sail and I have to manually update my ssl every month. I'm pretty sure other users are in the same boat as me.

This is a straight up LIE. My website is down and plesk knows it. I've been trying to find a workaround for this issue but the only thing I can think of is moving out of amazon lightsail.

0

Comment actions Permalink
Ivan Postnikov September 24, 2020 14:11

Hello @Hüppe Keith

As I understand, you get the same error as in this article but you're able to issue a certificate manually. This issue it to be investigated. Amazon Lightsail instances are supported directly by Plesk. Please, submit a support request.

0

Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request