Failed to create order: Some of the identifiers requested were rejected

So I use win-acme to generate my SSL certificates. On their website they said that they are compatible with Buypass. I have used their certificate generator and it works fine. But when I try to generate your SSL it says: Failed to create order: Some of the identifiers requested were rejected. This is the full log of what happened so you can see what I did wrong:

 A simple Windows ACMEv2 client (WACS)
 Software version 2.1.16.1037 (release, pluggable, standalone, 64-bit)
 Connecting to https://api.buypass.com/acme/directory...
 Scheduled task not configured yet
 Please report issues at https://github.com/win-acme/win-acme
 N: Create certificate (default settings)
 M: Create certificate (full options)
 R: Run renewals (0 currently due)
 A: Manage renewals (0 total)
 O: More options...
 Q: Quit
 Please choose from the menu: M


 Running in mode: Interactive, Advanced
  Please specify how the list of domain names that will be included in the
  certificate should be determined. If you choose for one of the "all bindings"
  options, the list will automatically be updated for future renewals to
  reflect the bindings at that time.
 1: Read site bindings from IIS
 2: Manual input
 3: CSR created by another program
 C: Abort
 How shall we determine the domain(s) to include in the certificate?: 2


 Enter comma-separated list of host names, starting with the common name: robertzou.com, robertzou.tk, robertzou.ml
 Target generated using plugin Manual: robertzou.com and 2 alternatives
 Suggested friendly name '[Manual] robertzou.com', press <Enter> to accept or type an alternative: My Buypass SSL
  The ACME server will need to verify that you are the owner of the domain
  names that you are requesting the certificate for. This happens both during
  initial setup *and* for every future renewal. There are two main methods of
  doing so: answering specific http requests (http-01) or create specific dns
  records (dns-01). For wildcard domains the latter is the only option. Various
  additional plugins are available from https://github.com/win-acme/win-acme/.
 1: [http-01] Save verification files on (network) path
 2: [http-01] Serve verification files from memory
 3: [http-01] Upload verification files via FTP(S)
 4: [http-01] Upload verification files via SSH-FTP
 5: [http-01] Upload verification files via WebDav
 6: [dns-01] Create verification records manually (auto-renew not possible)
 7: [dns-01] Create verification records with acme-dns (https://github.com/joohoi/acme-dns)
 8: [dns-01] Create verification records with your own script
 9: [tls-alpn-01] Answer TLS verification request from win-acme
 C: Abort
 How would you like prove ownership for the domain(s)?: 7


 URL of the acme-dns server: https://auth.acme-dns.io/register
 Existing acme-dns registration for domain robertzou.com found
 Record: _acme-challenge.robertzou.com
 CNAME: d3f56852-512e-4133-a8bc-30a686c73b58.auth.acme-dns.io
 Verification of acme-dns configuration succesful.
 Existing acme-dns registration for domain robertzou.tk found
 Record: _acme-challenge.robertzou.tk
 CNAME: 7faacd6a-5e6c-429a-a703-5b6c847274a4.auth.acme-dns.io
 Verification of acme-dns configuration succesful.
 Existing acme-dns registration for domain robertzou.ml found
 Record: _acme-challenge.robertzou.ml
 CNAME: 7ecb2595-0ae4-447d-bcda-afffe0a93542.auth.acme-dns.io
 Verification of acme-dns configuration succesful.


  After ownership of the domain(s) has been proven, we will create a
  Certificate Signing Request (CSR) to obtain the actual certificate. The CSR
  determines properties of the certificate like which (type of) key to use. If
  you are not sure what to pick here, RSA is the safe default.
 1: Elliptic Curve key
 2: RSA key
 C: Abort
 What kind of private key should be used for the certificate?: 2


  When we have the certificate, you can store in one or more ways to make it
  accessible to your applications. The Windows Certificate Store is the default
  location for IIS (unless you are managing a cluster of them).
 1: IIS Central Certificate Store (.pfx per host)
 2: PEM encoded files (Apache, nginx, etc.)
 3: PFX archive
 4: Windows Certificate Store
 5: No (additional) store steps
 How would you like to store the certificate?: 2


 Path to folder where .pem files are stored: C:\Program Files\win-acme\Certificates


 Password to use for the private key .pem file or <Enter> for none:


 1: IIS Central Certificate Store (.pfx per host)
 2: PEM encoded files (Apache, nginx, etc.)
 3: PFX archive
 4: Windows Certificate Store
 5: No (additional) store steps
 Would you like to store it in another way too?: 5


 Installation plugin IIS not available: No IIS websites available.
  With the certificate saved to the store(s) of your choice, you may choose one
  or more steps to update your applications, e.g. to configure the new
  thumbprint, or to update bindings.
 1: Create or update https bindings in IIS
 2: Create or update ftps bindings in IIS
 3: Start external script or program
 4: No (additional) installation steps
 Which installation step should run first?: 4


 Terms of service:    C:\ProgramData\win-acme\api.buypass.comacmedirectory\750
 Open in default application? (y/n*) - yes


 Do you agree with the terms? (y*/n) - yes


 Enter email(s) for notifications about problems and abuse (comma-separated): robertzou1234@gmail.com, admin@robertzou.com


 Failed to create order: Some of the identifiers requested were rejected
 Create certificate failed, retry? (y/n*)


Hi Robert Zou

The Certification Authority Authorization (CAA) DNS Resource Record does not specify Buypass CA, so we are not authorized to issue certificates for the robertzou.tk domain. Therefore the order for certificate issuance was rejected.

Please see more here https://www.buypass.com/ssl/resources/caa for information on which domain names identify Buypass as issuer and how to authorize Buypass to issue TLS-certificates for your domain.

Regards,

Andriy
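
The CAA evaluation behind this rejection, as an added example that is not part of the original thread and is not Buypass's or win-acme's code. It follows the RFC 8659 lookup rules over constructed records; the issuer identifier `buypass.com`, the sample records and all function names are assumptions made for illustration.

```python
# Constructed CAA data for illustration only; these are not real DNS answers.
# Each record is (flags, tag, value), e.g. `CAA 0 issue "ca.example"`.
SAMPLE_ZONE = {
    "robertzou.tk": [(0, "issue", "other-ca.example"),
                     (0, "iodef", "mailto:hostmaster@example.invalid")],
}
CA_ID = "buypass.com"  # assumed issuer domain; confirm on the CA's CAA page
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(fqdn, zone):
    """Climb from the name toward the root; the first non-empty CAA set wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def may_issue(fqdn, ca_id, zone):
    """Return (allowed, reason) for one identifier, following RFC 8659."""
    owner, rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True, "no CAA records found: issuance is unrestricted"
    for flags, tag, _ in rrset:
        if flags & 0x80 and tag.lower() not in KNOWN_TAGS:
            return False, f"unknown critical tag {tag!r} at {owner}"
    by_tag = {t: [v for _, tag, v in rrset if tag.lower() == t]
              for t in ("issue", "issuewild")}
    # issuewild overrides issue, but only for wildcard names.
    wild = fqdn.startswith("*.") and by_tag["issuewild"]
    values = by_tag["issuewild"] if wild else by_tag["issue"]
    if not values:
        return True, f"CAA set at {owner} has no applicable issue tag"
    # A value is an issuer domain plus optional ';'-separated parameters.
    allowed = {v.split(";")[0].strip().lower() for v in values}
    if ca_id.lower() in allowed:
        return True, f"{ca_id} is authorized at {owner}"
    return False, f"CAA at {owner} authorizes only {sorted(allowed)}"


def rejected_identifiers(names, ca_id, zone):
    """One refused name is enough to fail the whole order, as in the log."""
    return [n for n in names if not may_issue(n, ca_id, zone)[0]]
```

With the constructed data, the three names from the log yield `robertzou.tk` as the only rejected identifier; adding an `issue` record for the CA at that name clears it, while subdomains inherit the parent's CAA set either way.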

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.