Common Name (CN): yidongku.xx.xx, *.yidongku.xx.xx, filehosting.xxxxx.xx, *.filehosting.xxxxx.xx, rapidfire.xxx.xx, *.rapidfire.xxx.xx, send-to-space.xx.xx, *.send-to-space.xx.xx, woshare.xx.xx, *.woshare.xx.xx, summerfall.xxx.xx, *.summerfall.xxx.xx, meocuoisaochoi.xxx.xx, *.meocuoisaochoi.xxx.xx, cloudrive.xxx.xx, *.cloudrive.xxx.xx
Organization (O): My Company Co., Ltd.
Country (C): VN
Hashing Algorithm: SHA-256
Signing Algorithm: ECDSA
Key Size: 256
That website created me CSR and KEY, I used SSLForFree.co to create a certificate for me, I checked “I Have My Own CSR” then paste the CSR generated from the website and click “Download SSL Certificate”.
After a while, I received the error message:
{ "type": "urn:ietf:params:acme:error:badCSR", "detail": "Error finalizing order :: CN was longer than 64 bytes", "status": 400 }
The CN is very long, up to 318 characters. However, I don’t want to split it to register into multiple certificates, it is very inconvenient to renew.
Therefore, I would like to ask is there any way to register SSL certificate with CSR self-created and CN very long?
Thanks for any of your help!
I know, so I want to know if there is any solution to help me “bypass” the 64-character limit? Separating them from multiple registrations is very annoying, the renewal also takes a lot of time and I’m worried my domain name and IP will be limited.
I tried using *.summerfall.xxx.xx only in CN and I got the error:
{ "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Error finalizing order :: Order includes different number of names than CSR specifies", "status": 403 }
CN will only parsed as single name by browser even if it’'s shorter then 64charactor.
you put on all the names in SAN extension (you need to do this anyway, as let’s encrypt reject if csr 's CN doesn’t included in it’s SAN extension.
if you better to let client write CSR for you. as LE only do DV certificate, your Organization and country name will be droped.