multidomain/SAN cert csr submitted, but only single-domain cert returned?

lssl · August 5, 2016, 5:42pm

I create a csr.der

openssl req -inform der -in example.com.csr.der -noout -text

    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: C=US, ST=NewYork, L=NewYork, O=example.com, OU=example.com, CN=example.com/emailAddress=devnull@example.com/subjectAltName=DNS.1=example.com,DNS.2=www.example.com,DNS.3=test.example.com
            Subject Public Key Info:
                Public Key Algorithm: id-ecPublicKey
                    Public-Key: (384 bit)
                    pub: 
    ...

Then submit it to LE

certbot-auto certonly \
 --server https://acme-v01.api.letsencrypt.org/directory \
 --email ssl@example.com \
 --standalone --standalone-supported-challenges tls-sni-01 \
 --break-my-certs --text --agree-tos --renew-by-default \
 --staple-ocsp --must-staple --redirect --hsts --uir \
 --csr=./example.com.csr.der --cert-path ./example.com.crt.pem

Success is reported

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
...

But in browser, and on cmd line, there’s no SAN data – only the primary

cd /etc/letsencrypt/live/example.com
openssl x509 -text -noout -in cert.pem | grep DNS
    DNS:example.com

openssl x509 -text -noout -in cert.pem
    ...
        Subject: CN=example.com
        Subject Public Key Info:
    ...
            X509v3 Subject Alternative Name:
                DNS:example.com
            X509v3 Certificate Policies:
    ...

The single cert passes SSLLABS’ server test with an A+, but only for the main domain.

What config have I missed to get SAN working properly?

tialaramex · August 5, 2016, 5:48pm

Those aren’t SANs you’ve got there in your CSR.

What you’ve got is a Subject, with a bunch of DNSname in it. And Let’s Encrypt has looked at those, and gone “Yeah, no” and thrown them away.

Subject Alternate Names are a wholly separate field that needs to appear in your CSR. Yours didn’t have any, the Baseline Requirements say all certificates for the Web PKI should have at least one, and Let’s Encrypt sets it to the CN of your subject from the CSR.

(edited to add)

Some older tutorials suggest the approach you’ve used because it looks simpler, particularly if you’re doing stuff with OpenSSL commands, as is common. And years ago actual public CAs would sign this kind of thing. However the standards involved on the web say not to use cram DNSnames into the Subject field, and instead use actual SANs, browsers and other software are increasingly fond of actually obeying the standards, and so is Let’s Encrypt.

I haven’t tried following the below tutorial, but at a glance it looks better and is generating actual SANs in the CSR.

http://apetec.com/support/GenerateSAN-CSR.htm

leader · August 5, 2016, 7:22pm

lssl · August 5, 2016, 7:36pm

Yep, that’s what I just started using. Works a charm. Thanks.

system · September 4, 2016, 7:36pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.