Certbot error creating new order policy forbids issuing for name
A Certbot error!
The error message "policy forbids issuing for name" usually indicates that the domain name you're trying to obtain a certificate for is not allowed by the Certificate Authority (CA) or the Certificate Policy (CP) you're using.
Here are a few possible solutions:
- Check the domain name: Make sure the domain name you're trying to obtain a certificate for is valid and not blocked by the CA. You can try using a different domain name or checking the CA's website for any known issues.
- Check the Certificate Policy: Certbot uses the "Etsy" Certificate Policy by default, which has some restrictions. You can try using a different Certificate Policy, such as "ISRG" (Let's Encrypt's default policy), by running the following command:
certbot certonly --agree-tos --email [email protected] --non-interactive --expand --domains -d example.com,www.example.com --policy isrg --rsa-key-size 2048
- Check the domain name's DNS records: Make sure the domain name's DNS records are correct and up-to-date. The CA may reject the certificate request if the DNS records are not valid or do not match the domain name.
- Check the CA's rate limits: Some CAs have rate limits on the number of certificate requests you can make per hour or per day. If you've exceeded these limits, you may need to wait or try again later.
- Check the Certbot logs: Sometimes, the error message can be misleading, and the actual issue is something else. Check the Certbot logs to see if there are any other error messages or clues that can help you troubleshoot the issue.
If none of these solutions work, you can try searching for more specific error messages or seeking help from the Certbot community or a Linux forum.