I may have found a small bug with how LE handles subjectAltNames

I wrote a client based on reading multiple clients instead of docs. Because of that, I made a mistake – but that mistake works on the staging server (I haven’t used the full server yet).

The issue: according to specs shared on this forum when submitting a CSR for multiple domains, the “subject” should be domains[0] and the “subjectAlternativeNames” should be domains (and that the domain must appear in subjectAlternativeNames)

domains = [example.com, a.example.com, …]
subject = example.com
subjectAlternativeNames = example.com, a.example.com, …

My code was submitting an empty subject ("/’), yet still being signed.

The subject then appears as the serial number . in text view it appears as the serial without the colons:

Serial Number:
Subject: serialNumber=fa650e0350b598e2373f973362308dffe680

Based on my understanding, should the acme signing authority reject the certificate because it does not have a domain in the subject?

1 Like

No, using a CommonName in the Subject is actually considered deprecated behaviour, although most certs still include it anyway for various reasons.

1 Like

Hello @jvanasco,

As @cool110 said, this is not a bug. It's worth to take a look to this post Certificates with serialNumber in subject.


1 Like

Thanks for all this info!

Glad to know what I wrote was actually right!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.