Comments (5)
githubRover
commented on June 2, 2024
Let's Encrypt made a recent change about the CN Name. Read more about that here:
https://community.letsencrypt.org/t/domain-ordering-not-respected-unexpected-certificate-subject/195337/23
Also see this for general info about CN Name. It's written by a dev for a different ACME Client but the notes regarding Let's Encrypt behavior is the same for all ACME clients.
certbot/certbot#9633 (comment)
from getssl.
exxosuk
commented on June 2, 2024
Thanks, so this should really solve itself then.
from getssl.
githubRover
commented on June 2, 2024
Well, it depends on what you were expecting in the CN Name field. From the post by jsha:
Update: We've decided to go back to the old behavior: issuance requests with no Subject CN in the CSR will have the first SAN copied into the Subject CN of the issued certificate
from getssl.
exxosuk
commented on June 2, 2024
The first SAN would solve my problem. Oddly seems to be choosing the last one in the list currently.
Though I cannot figure out if this can be set manually or not. It sounds like it was phased out. It's a bit confusing.
from getssl.
githubRover
commented on June 2, 2024
In long term CN name will be empty (no timeframe). It was deprecated like 20+ years ago and the industry looks for ways to shrink the certs that traffic the net.
If you are building something new which looks at CN name you might consider an alternative approach.
from getssl.
Related Issues (20)
- Feature Request: Change private key ownership
- date_epoc fails to convert date from cyrilic HOT 4
- ERR_CERT_DATE_INVALID on different port numbers ? HOT 1
- combined .pem for pure-ftpd ??? HOT 1
- Wildcard certificates with bind9 ?
- Move from Staging to Production? HOT 1
- DNS verification not working HOT 6
- revoke : Invalid key file ? + --account-id bug ? HOT 3
- cp failing due to identical files is still counted as a failure
- Is there a way to change the administrator email address registered with Letβs Encrypt using getSSL? HOT 3
- DNS CNAME check failed HOT 1
- Certificate on remote domain does not match, ignoring remote certificate (example.com != mydomain.net) HOT 12
- DNS script for Linode needs updating for V4 API
- I need help with CA's and Firefox HOT 3
- comma appended to server name? HOT 2
- Error with Azure DNS + LetsEncrypt domain validation token that starts with a dash char
- More stray http01 tokens
- CNAME issues with dns-01
- Too many server reloads; stale certificate exposed
- DNS-01 validation for non-wildcard names HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from getssl.