From a89da5cf68a779d459daf63c12df6b77b4a3df5b Mon Sep 17 00:00:00 2001
From: Trevor Dixon <trevordixon@gmail.com>
Date: Mon, 22 Jun 2020 00:05:30 +0200
Subject: [PATCH] Include the domain in the SAN of the CSR

Allows autocert to work with Pebble (see https://github.com/letsencrypt/pebble/issues/304).
---
 acme/autocert/autocert.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acme/autocert/autocert.go b/acme/autocert/autocert.go
index 2ea9e23174..07fda1643e 100644
--- a/acme/autocert/autocert.go
+++ b/acme/autocert/autocert.go
@@ -645,7 +645,7 @@ func (m *Manager) certState(ck certKey) (*certState, error) {
 // authorizedCert starts the domain ownership verification process and requests a new cert upon success.
 // The key argument is the certificate private key.
 func (m *Manager) authorizedCert(ctx context.Context, key crypto.Signer, ck certKey) (der [][]byte, leaf *x509.Certificate, err error) {
-	csr, err := certRequest(key, ck.domain, m.ExtraExtensions)
+	csr, err := certRequest(key, ck.domain, m.ExtraExtensions, ck.domain)
 	if err != nil {
 		return nil, nil, err
 	}