I requested authorization for jason.stallin.gs and it passed verification but will not issue a cert for that domain


#1

I get the error:

Acme::Client::Error::Unauthorized: Error creating new cert :: Authorizations for these names not found or expired: jason.stallin.gs

However, if I request a cert for “stallin.gs” only it issues it.

So basically I requested auth for a subdomain and it authorized the common name and not the subdomain. Nowhere in my requests did I mention the common name at all.


#2

The common name is a field in the certificate/CSR. The authorization step in the ACME flow would happen before you get to the part where you submit the CSR. It would not have any implications on the authorization stage, that’s something the client has to handle separately.

It sounds to me like this is an issue with the client you’re using. Maybe your client does not look at the Subject Alternative Name (SAN) field on the certificate and only requests authorization for the Common Name, which happens to be stallin.gs. In that case, this would be an issue with that particular client and you’d probably need to report that there, or switch to a client with SAN support.


#3

I’ve since figured out what the problem is and it is indeed with the client (or rather, how I’m using the client). Thanks for the reply.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.