Bill Hartzer

Denied SSL Certificates Because of Their Domain Names

For the second time in a row, one of my domain names has been denied an SSL certificate because of its domain name. But, this second time, the website went down without warning, despite being on Cloudflare.

tl;dr: I was denied, twice, with two separate domain names, because I have the word “bank” in my domain names.

The Background

To provide a little background, I live in a small town of 3503 people (and a lot of cattle) in Texas called Mabank, Texas. It’s right next to Gun Barrel City, Texas, about an hour southeast of Dallas. Back in the late 1990s when I moved here, I tried to get ahold of Mabank.COM, but that’s being used by a bank, the Macon-Atlanta State Bank, in Macon Missouri.

I had to resort to buying (and using) Mabank.Net for one of my servers, and a few years later, I put up a website for my small town called MabankOnline.com, only updating both of those sites once every few years. Also, there are other “official” websites that are town-related websites, such as MabankISD.Net (the town’s school system), and the town’s website is at cityofmabanktx.org, which are not HTTPS.

Denied an SSL Because of the Domain

Back in November 2017, I started having issues with one particular domain name on the Mabank.net server at HostDime. The issue was a brute force attack on one of the WordPress sites hosted on it. Support at HostDime ran a cPanel update to try and obtain a new SSL for the hostname, which uses a name server at Mabank.net.

That’s when HostDime ran into an issue:

“Due to your hostname having the word ‘bank’ in the name the validation process is going to take longer than usual. This is to prevent scammers from purchasing SSLs for a bank website which is not legitimate. We will check back again on Monday to see if the SSL was issued and if it has not then we will get in contact with cPanel and Comodo to issue the SSL.”

Then, luckily, the SSL issue was resolved by the support staff at HostDime. The response from support was:

"It is unfortunate since you having nothing related to banking. Luckily, your old server already had a valid SSL issued and we were able to migrate that over to your new server without any issues."

Well, unfortunately my issues with domain names and SSL continued.

Since Google has been really trying to force all website owners to move their websites over to HTTPS (SSL), this year I decided to move a lot of the websites that I own over to HTTPS. Since I have a lot of small-ish websites that don’t get a lot of traffic, it doesn’t make sense for me to purchase SSLs for each and every site that I own. Since Cloudflare offers free SSL certificates if you use their service, it was logical for me to use Cloudflare. I use their paid service for this blog, so adding all of my other sites to Cloudflare to use their free SSL option was easy.

Back several months ago, I moved one of my small local websites (that has been up and running for over 10 years), MabankOnline.com, over to Cloudflare. I made all the necessary internal changes on the WordPress site to move it to HTTPS. For months it did fine–even kept search engine rankings that it has had for 10 years. Then, just recently, I noticed that the website was, all of a sudden, unreachable.

I logged into Cloudflare to check the status–and it apparently was up and running. I paused the site in Cloudflare, expecting it to come back on, even checked the server it was on. Nothing. I went ahead and put in a ticket at Cloudflare, trying to find out what was going on. I got a response, fairly quickly:

“It looks like we have had issues renewing your certificate due to concerns over potential phishing activity based on the name of your domain. We are working with our certificate authority to resolve the issue, and I will update you as soon as I can.

“In the meantime, you can pause Cloudflare to restore service.

“I apologize for the inconvenience.”

So, basically, Cloudflare had an issue renewing the SSL certificate for my domain name, MabankOnline.com, because it had “bank” in the domain name. And the only way that Cloudflare recommended dealing with the issue was to pause Cloudflare to restore the domain name so it would resolve.

So, that’s what I did. I needed the website to resolve and not be down–so I paused it and it now resolves. But that didn’t take care of the issue of the SSL certificate being denied.

A few hours later, as I finish up writing this post, I received an email response from support at Cloudflare:

“Your SSL certificate should be reissued and you should no longer be seeing these errors. We are investigating the root cause of this issue so we can ensure this does not happen again.”

Well, it does look like the website, MabankOnline.com, is back up and running. But honestly, I don’t think the issue needs to be investigated by Cloudflare. They will find the root cause of the issue, which is the fact that I have “bank” in my domain name. And, there’s another BANK besides Mabank, Texas. Apparently having ‘bank’ in your domain name will get your SSL certificate denied. You usually (in my case) can get it reinstated upon appeal, but I’m kind of leery about getting another SSL certificate for some of my other “mabank” domain names.

This is exactly why I am really behind the use of the New TLD “.BANK”. This is a closed TLD (Top Level Domain), where only an approved financial institution can get a .BANK domain name. If the banks in the United States moved to a .BANK domain name, we’d all know that it’s actually a bank or financial institution if they’re using a .BANK domain name. Just like we can trust a .GOV and a .EDU domain name.

Is there anything I can do to ensure my “Mabank” domain names and websites aren’t denied an SSL certificate? This appears to be an issue that’s related to the name of the town I live in, and the domain names I’m registering and using (putting up websites related to my town).
