Install ssl error -

install ssl error -
Domain บริษัทรักษาความปลอดภัยโพรเกรสอินเตอร์เทค.com


Found wildcard domain name and http-01 challenge type, switching to dns-01 validation.
Requesting new certificate order…
Processing authorization for บริษัทรักษาความปลอดภัยโพรเกรสอินเตอร์เทค.com
Challenge is valid.
Processing authorization for บริษัทรักษาความปลอดภัยโพรเกรสอินเตอร์เทค.com
Challenge is valid.
Generating 2048 bit RSA key for บริษัทรักษาความปลอดภัยโพรเกรสอินเตอร์เทค.com
openssl genrsa 2048 > “/usr/local/directadmin/data/users/securitk/domains/xn–”
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
problems making Certificate Request
140388235822920:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=64
/usr/local/directadmin/data/users/securitk/domains/xn– No such file or directory
140046914688840:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen(’/usr/local/directadmin/data/users/securitk/domains/xn–’,‘r’)
140046914688840:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
Unable to find certificate. Something went wrong. Printing response…

“detail”: “Error parsing certificate request: asn1: syntax error: sequence truncated”


What’s the script you used to generate the certificate?

It seems like the certificate and key are obtained, but failed to write on your FS because your domain name is way too long…

You need to contact the script author for a fix…

Thank you

This is an error related to the X.509 standards that are used by certificates on the web. You can see some other forum thread topics about this:

The summary is that Let's Encrypt can issue a certificate that covers a domain name that is 64 characters long or longer, but it can't be the first name on the certificate; the first name on the certificate must be less than 64 characters. For internationalized domain names (IDNs), this limit applies to the punycode version (that is, not บริษัทรักษาความปลอดภัยโพรเกรสอินเตอร์เทค.com).

You could potentially get the desired certificate if you can put another shorter domain name that you control first in the list of names on the certificate.

Related to what @stevenzhu said, since it looks like you are using DirectAdmin, you may have to ask the DirectAdmin developers to improve how that software handles this situation. It looks like currently it gives an unhelpful error because the developers didn't anticipate this particular problem. DirectAdmin could probably be improved to try to automatically work around the problem or at least to give an error message that explains the nature of the problem better.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.