I wrote a client based on reading multiple clients instead of docs. Because of that, I made a mistake – but that mistake works on the staging server (I haven’t used the full server yet).
The issue: according to specs shared on this forum, when submitting a CSR for multiple domains, the “subject” should be domains[0] and the “subjectAlternativeNames” should be domains (and that the domain must appear in subjectAlternativeNames),
i.e.:
domains = [example.com, a.example.com, …]
subject = example.com
subjectAlternativeNames = example.com, a.example.com, …
My code was submitting an empty subject ("/"), yet still being signed.
The subject then appears as the serial number. In text view it appears as the serial without the colons:
Serial Number:
fa:65:0e:03:50:b5:98:e2:37:3f:97:33:62:30:8d:ff:e6:80
Subject: serialNumber=fa650e0350b598e2373f973362308dffe680
Based on my understanding, should the ACME signing authority reject the certificate because it does not have a domain in the subject?
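An added example, not part of the original post or of any ACME client: Go standard-library code that builds a CSR with the layout described above (subject CN = domains[0], every name in subjectAlternativeNames) and a client-side check that flags the empty-subject CSR before it is submitted. The function names `buildCSR` and `checkCSR` and the sample domains are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// buildCSR returns a DER CSR whose SAN list is domains. With setSubject the
// subject CN is domains[0]; without it the subject is empty, as in the post.
func buildCSR(domains []string, setSubject bool) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{DNSNames: domains}
	if setSubject && len(domains) > 0 {
		tmpl.Subject = pkix.Name{CommonName: domains[0]}
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// checkCSR is a client-side check run before submission: the subject CN must
// be present and must also appear in subjectAlternativeNames.
func checkCSR(der []byte) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return err
	}
	if csr.Subject.CommonName == "" {
		return fmt.Errorf("empty subject: no commonName (SANs: %v)", csr.DNSNames)
	}
	for _, san := range csr.DNSNames {
		if san == csr.Subject.CommonName {
			return nil
		}
	}
	return fmt.Errorf("subject %q missing from SANs", csr.Subject.CommonName)
}

func main() {
	domains := []string{"example.com", "a.example.com"} // constructed sample
	for _, withSubject := range []bool{true, false} {
		der, err := buildCSR(domains, withSubject)
		fmt.Println("subject set:", withSubject, "build err:", err, "check:", checkCSR(der))
	}
}
```

The check only inspects the CSR on the client side; it says nothing about what the signing authority accepts.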