Since the common name of an SAN certificate doesn’t make any sense in terms of authentication, I suggest to allow users to customize the common name of SAN certificates if they want.
Hi, even if it does not make sense in most cases there is no other way to make sure that you “own” the way,
then to use one of the domain names from the SAN list. Because only this is currently verified.
Maybe in an future version there is an way to verify the mail for the account holder to and use this.
But currently i see no chance to use any other values.
What do you want there? I think it’s just the first domain in your list, so just use the one you want as common name first.
yeah for SAN ssl common name is 1st listed domain in command passed for
-d domain1.com -d domain2.com so common name domain1.com Letsencrypt Webroot Authentication Tested on Beta invited/whitelisted domain
I want to use arbitrary string as the common name, because browser doesn’t check common name at all for SAN certificates.
Other implementations may, there’s no reason to allow an arbitrary string.
This will not be possible. Only verified user data that have been checked within an RA process should be written to a certificate. Arbitrary strings are, well, difficult to check.