Error creating certificates using letsencrypt as in Rocket Chat AWS guide

Hey all,

Trying to configure Rocket Chat on AWS, following the guide, however I get this:

Requesting to rerun ./letsencrypt-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:
Error creating new authz :: Policy forbids issuing for name
Please see the logfiles in /var/log/letsencrypt for more details

This happens whenever I get to this part of the guide:

“Step 4: Get an SSL certificate from Let’s Encrypt” and I get to the part where you enter ./letsencrypt-auto certonly --standalone --email emailaddress@email.com -d <domain.com> -d <subdomain.domain.com>

Can anyone help with this, or give an alternative suggestion?

I’ve looked on the Let’s Encrypt forums and got this:

Thanks

Hi

Can you post the logs in /var/log/letsencrypt so we can get more info, please?

This usually means the domain is blacklisted/not allowed to be used with letsencrypt.

I’ve seen this before when trying to get a certificate for a .onion domain on the Tor network, as well as for any addresses that end in amazonaws.com (e.g. ec2-xx-xx-xx-xxx.eu-central-1.compute.amazonaws.com).

Questions:

  • Are you using a standard .com .org .net (or any other common TLD) domain name or is it a .onion/.amazonaws.com domain?

  • Is the domain resolvable from the internet, as in, do you have public DNS set up that is pointing to the domain?

You said you are on AWS - So you’ll need to have an actual domain registered with public DNS pointing to the server. The .amazonaws.com domain that is registered to an AWS EC2 instance will not work as they are blacklisted as ‘high risk’ domains.

The reason for this is that they are ephemeral - You might have it today, but if you terminate that instance, someone else will have it tomorrow.

Let me know how you go with the above info.

Thanks
John

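The check John describes (is the name one Let’s Encrypt refuses outright, and does public DNS for it actually point at this instance?) can be run before spending a rate-limited request on ./letsencrypt-auto. The script below is an added example, not code from the thread, the Rocket.Chat guide or Let’s Encrypt. It assumes only the two refused name classes the thread mentions (EC2 public hostnames under amazonaws.com and Tor .onion names), that dig and curl are installed, and that the EC2 instance metadata endpoint 169.254.169.254 is reachable; the hostnames in the demo are constructed, not real hosts.

```shell
#!/bin/sh
# Pre-flight for "./letsencrypt-auto certonly --standalone -d <name>" on an
# EC2 host. Added example; not from the thread, the Rocket.Chat guide or
# Let's Encrypt. Assumptions: the refused classes are the two named in the
# thread (amazonaws.com hostnames, .onion names); dig and curl exist; the
# EC2 metadata endpoint 169.254.169.254 answers from the instance.

# Print why a name will be refused before any ACME request is sent, or print
# nothing if it looks issuable. Lower-cases the name and strips a trailing dot.
refusal_reason() {
    n=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    case "$n" in
        *.amazonaws.com|amazonaws.com)
            printf '%s' "amazonaws.com hostnames are ephemeral and blocked as high risk" ;;
        *.onion|onion)
            printf '%s' ".onion names are not allowed (same error reported in the thread)" ;;
        *.*)
            printf '' ;;
        *)
            printf '%s' "single-label name; register a real domain with public DNS" ;;
    esac
}

# Resolve the name through DNS and compare it with this instance's public
# IPv4 address from the metadata service. Returns 0 only when they match.
# Needs network access, so the demo and test do not call it.
dns_points_here() {
    name=$1
    me=$(curl -s --max-time 2 http://169.254.169.254/latest/meta-data/public-ipv4) || return 2
    resolved=$(dig +short A "$name" 2>/dev/null | grep -E '^[0-9.]+$' | head -n 1)
    [ -n "$resolved" ] || return 1          # no public A record at all
    [ "$resolved" = "$me" ]                 # record exists but points elsewhere
}

# Check every name that would be passed with -d. Prints a verdict per name
# and returns non-zero if any of them would be refused.
preflight() {
    rc=0
    for n in "$@"; do
        why=$(refusal_reason "$n")
        if [ -n "$why" ]; then
            printf 'REFUSE %s: %s\n' "$n" "$why"
            rc=1
        else
            printf 'OK     %s (now confirm public DNS points at this host)\n' "$n"
        fi
    done
    return $rc
}

# Demo over constructed names (not real hosts) when run with no arguments;
# otherwise check the names given on the command line.
if [ $# -eq 0 ]; then
    preflight ec2-11-22-33-44.eu-central-1.compute.amazonaws.com chat.example.com
else
    preflight "$@"
fi
```

Run it with the same names you would give to -d; only when every name prints OK and dns_points_here succeeds for each is the standalone HTTP challenge likely to pass. Port 80 must also be reachable from the internet for the standalone authenticator, which is a security-group setting on AWS rather than anything this script checks.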

Hey,

Thanks for the reply, very useful.

I was checking out some other cases on the web and can see that most people are saying similar things.

I will purchase a domain to set up on aws and give it another run through.

This is exactly what the problem was.

I’m glad that put you on the right track!

Woohoo!