Error creating certificates using letsencrypt as in ocket chat AWS guide


#1

Hey all,

Trying to configure Rocket Chat on AWS, following the guide, however I get this:

Requesting to rerun ./letsencrypt-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:
Error creating new authz :: Policy forbids issuing for name
Please see the logfiles in /var/log/letsencrypt for more details


#2

This happens whenever i get to this part of the guide:

“Step 4: Get an SSL certificate from Let’s Encrypt” and I get to the part where you enter ./letsencrypt-auto certonly --standalone --email emailaddress@email.com -d <domain.com> -d <subdomain.domain.com>

Can anyone help with this, or give an alternative suggestion?:thinking:

I’ve looked on Lets Encrypt forums and got this:

Thanks


#3

Hi

Can you post the logs in /var/log/letsencrypt so we can get more info, please?

This usually means the domain is blacklisted/not allowed to be used with letsencrypt.

I’ve seen this before with trying to get a certificate for a .onion domain on the TOR network as well as any addresses that end in amazonaws.com (eg, ec2-xx-xx-xx-xxx.eu-central-1.compute.amazonaws.com)

Questions:

  • Are you using a standard .com .org .net (or any other common TLD) domain name or is it a .onion/.amazonaws.com domain?

  • Is the domain resolvable from the internet, as in, do you have public DNS set up that is pointing to the domain?

You said you are on AWS - So you’ll need to have an actual domain registered with public DNS pointing to the server. The .amazonaws.com domain that is registered to an AWS EC2 instance will not work as they are blacklisted as ‘high risk’ domains.

The reason for this is that they are ephemeral - You might have it today, but if you terminate that instance, someone else will have it tomorrow.

Let me know how you go with the above info.

Thanks
John


#4

Hey,

Thanks for the reply, very useful.

I was checking out some other cases on the web and can see that most people are saying similar things.

I will purchase a domain to set up on aws and give it another run through.

This is exactly what the problem was…:grin::point_up_2:


#5

I’m glad that put you on the right track!

Woohoo! :slight_smile: