Comments (3)
This sounds like a bug in the client. You want to post it at:
https://github.com/letsencrypt/boulder/issues
On Tue, Nov 10, 2015 at 8:01 AM, Izzy [email protected] wrote:
As Let's Encrypt doesn't support wildcard certificates, we have to use
multiple subjectAltNames. Unfortunately this leads to a problem if the list
exceeds a certain length (I guess #183 is related here).
In my specific case, the list ends up with 97 chars – and I receive the
following error:
Error: [('asn1 encoding routines', 'ASN1_mbstring_ncopy', 'string too long')]
I played with it a little, having the same error with 67 chars – but no
longer when coming below 65 chars. So the list of host names is limited to
64 bytes, including the separators. Unfortunately, for the affected host I
cannot use multiple certificates (i.e. a separate cert for each host name)
– I need a certificate holding all the hosts.
Any way to get that working? Note this could already happen if the cert
should cover 2 hosts with a long name (64/2 = 32, so if the length of both
host names is 32 chars (making up an example:
testengine32.special-junkies.org has exactly 32 chars), it would already
break).
A sanitized stack-trace can be found at pastebin
http://pastebin.com/vs60WXn2 if needed.
System: Ubuntu 12.04 64bit.
—
Reply to this email directly or view it on GitHub #232.
from acme-spec.
Update: it seems to work with the domain names specified at the command line (-d host1 -d host2 …). Checking the resulting .conf file in /etc/letsencrypt/renewal showed domains separated by comma and space (e.g. domains = host1, host2, …) – while I had separated them only by spaces (which works fine when not exceeding 64 bytes). Trying it again with the same operators in my config file (passed using the -c config.ini parameter) breaks as well with the same error – so this seems to be a limitation of the config file to pass with -c.
Currently I can live with the mentioned work-around. Would be nice to see it fixed, though.
@ekr Oh – I see, I've hit the wrong place. Blame my Google-Fu, and apologies!
OK, moved the issue over here – @ekr is right, it doesn't target the spec but rather a bug in the client. Hence closing this issue, having "the task moved" to the right place (hopefully).
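A pre-flight check for the 64-byte limit discussed in this thread, as an added example that is not part of the original comments or of the client's code: it tests a domains value both as one unsplit string and as individual names, and builds the -d form reported to work. The function names and the second host name are constructed. The 64-byte bound is the X.509 commonName upper bound from RFC 5280; that the unsplit value ends up in such a field is an assumption.

```python
import re

# Upper bound for the X.509 commonName attribute (RFC 5280, ub-common-name).
UB_COMMON_NAME = 64


def split_domains(raw):
    """Split a domains value on commas and/or whitespace into host names."""
    return [name for name in re.split(r"[,\s]+", raw.strip()) if name]


def preflight(raw):
    """Check a domains value before handing it to the client.

    Assumption (not confirmed in the thread): the 'string too long' error
    appears because the unsplit value reaches one length-limited name field.
    """
    names = split_domains(raw)
    return {
        "names": names,
        # True when the value, taken as ONE string, exceeds the limit.
        "unsplit_too_long": len(raw.strip().encode("utf-8")) > UB_COMMON_NAME,
        # Names that exceed the limit even after correct splitting.
        "names_too_long": [
            n for n in names if len(n.encode("utf-8")) > UB_COMMON_NAME
        ],
        # The command-line form reported to work in the thread.
        "cli_args": [arg for n in names for arg in ("-d", n)],
    }


if __name__ == "__main__":
    # Constructed sample: the 32-character name from the thread plus a second
    # constructed name of the same length, space separated (32 + 1 + 32 = 65).
    sample = "testengine32.special-junkies.org testengine33.special-junkies.org"
    report = preflight(sample)
    print("bytes:", len(sample), "unsplit too long:", report["unsplit_too_long"])
    print("names too long:", report["names_too_long"])
    print("workaround:", " ".join(report["cli_args"]))
```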