You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug:
ClusterIssuer is unable to generate certificate due to Order error:
Failed to finalize Order: 400 urn:ietf:params:acme:error:badCSR: Error finalizing order :: issuing precertificate: CSR doesn't contain a SAN short enough to fit in CN
Expected behaviour:
Certificate generated.
Steps to reproduce the bug:
Use ClusterIssuer/Issuer to generate a Certificate for a FQDN longer than 64 chars with Acme (letsencrypt).
API Version: acme.cert-manager.io/v1alpha3
Kind: Order
....
Status:
Failure Time: 2020-04-09T16:47:02Z
Finalize URL: https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13088958/84103314
Reason: Failed to finalize Order: 400 urn:ietf:params:acme:error:badCSR: Error finalizing order :: issuing precertificate: CSR doesn't contain a SAN short enough to fit in CN
State: errored
URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/13088958/84103314
I think this is an issue with Let's Encrypt rather than cert-manager as cert-manager does not set the CN in the CSR. Let's Encrypt does that on their side, which is where this error comes from.
Describe the bug:
ClusterIssuer is unable to generate certificate due to Order error:
Failed to finalize Order: 400 urn:ietf:params:acme:error:badCSR: Error finalizing order :: issuing precertificate: CSR doesn't contain a SAN short enough to fit in CN
Expected behaviour:
Certificate generated.
Steps to reproduce the bug:
Use ClusterIssuer/Issuer to generate a Certificate for a FQDN longer than 64 chars with Acme (letsencrypt).
Environment details::
/kind bug
The text was updated successfully, but these errors were encountered: