From 777115c545a5266609fad6888d24d586ed4c2916 Mon Sep 17 00:00:00 2001
From: Trevor Dixon
Date: Mon, 22 Jun 2020 00:05:30 +0200
Subject: [PATCH] Include the domain in the SAN of the CSR

Allows autocert to work with Pebble (see https://github.com/letsencrypt/pebble/issues/304).
---
 acme/autocert/autocert.go | 8 ++++----
 acme/autocert/autocert_test.go | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/acme/autocert/autocert.go b/acme/autocert/autocert.go
index 2ea9e23174..c7fbc54c45 100644
--- a/acme/autocert/autocert.go
+++ b/acme/autocert/autocert.go
@@ -1133,11 +1133,11 @@ func (s *certState) tlscert() (*tls.Certificate, error) {
 }, nil
 }
 
-// certRequest generates a CSR for the given common name cn and optional SANs.
-func certRequest(key crypto.Signer, cn string, ext []pkix.Extension, san ...string) ([]byte, error) {
+// certRequest generates a CSR for the given common name.
+func certRequest(key crypto.Signer, name string, ext []pkix.Extension) ([]byte, error) {
 req := &x509.CertificateRequest{
- Subject: pkix.Name{CommonName: cn},
- DNSNames: san,
+ Subject: pkix.Name{CommonName: name},
+ DNSNames: []string{name},
 ExtraExtensions: ext,
 }
 return x509.CreateCertificateRequest(rand.Reader, req, key)
diff --git a/acme/autocert/autocert_test.go b/acme/autocert/autocert_test.go
index f08d8008e8..59f39c1c16 100644
--- a/acme/autocert/autocert_test.go
+++ b/acme/autocert/autocert_test.go
@@ -1097,7 +1097,7 @@ func TestCertRequest(t *testing.T) {
 Id: asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1},
 Value: []byte("dummy"),
 }
- b, err := certRequest(key, "example.org", []pkix.Extension{ext}, "san.example.org")
+ b, err := certRequest(key, "example.org", []pkix.Extension{ext})
 if err != nil {
 t.Fatalf("certRequest: %v", err)
 }
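Review bot: The rewritten doc comment on certRequest still mentions only the common name, although the body now also copies `name` into `DNSNames`, which is the behaviour this commit exists for. I would document it, for example `// certRequest generates a CSR for name, set both as the Subject CommonName and as the only dNSName SAN.` The function encodes `name` as given, so an IP literal would land in `DNSNames` and a name longer than the 64-character CommonName bound of RFC 5280 would still be written to the Subject. The callers are outside this hunk, so whether `name` is already validated as a DNS host name cannot be confirmed here and is worth stating in the comment as a precondition.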
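Review bot: The updated call in TestCertRequest only drops the SAN argument, and the visible lines check nothing beyond a nil error, so the new guarantee that the domain appears in the SAN is not visibly pinned by a test. The rest of the test body is outside the hunk; if it does not already do so, parse `b` with `x509.ParseCertificateRequest` and assert that `DNSNames` equals `[]string{"example.org"}`. Without that assertion, a later refactor could silently drop the SAN again and reintroduce the failure against CAs that ignore the CommonName.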