Unfortunately the signing-portal process is NOT [hopefully, yet] perfect.
I have had rejections stating that only one file and a subfolder of the same name are allowed in the RBZ.
But of course that’s exactly what there was in the submitted RBZ.
Some compression apps give false results when the signing-portal parses them !
Although you ought to be able to sign a simple plugin [non-extension] - if its RBZ has a matching folder to take the .hash file - it will often fail if that folder is empty - fixed by adding a spurious non-signed file like a .hash that is overwritten by the process !
The only thing I can suggest is that you to tell the guys at the signing-portal - although in my experience it is far from useful !
I have already demonstrated to them in private messaging a major security hole in the signing and load-checking process - basically, caused by SketchUp extension code loading by file-name - NOT file-name+file-type - so an unsigned [but the hash-checker does not spot it] vanilla RB, in preference to the ‘real’ signed RBS - allowing malicious content to be added to an RBZ, while retaining its signed validity !
So a idiot downloading an RBZ from a non-kosher site [i.e. one that’s NOT a ‘good’ one - e.g. EW or SketchUcation PluginStore, Smustard etc], could be fooled into thinking it was validly signed and perfectly safe - when of course it wasn’t !
Of course, a sensible user downloading an RBZ from one of the ‘good’ sites actually needs NO signing to be assured of its validity anyway.
So the whole draconian signing regime is very flawed [IMHO].
But who am I to criticize this new ‘innovation’ ?
Other opinions would be very welcome…