domain string in user config limited to 64 chars

[IzzySoft]

I've initially posted it at the wrong place (see here) – so as I've meanwhile figured a bit more, I'll repeat it here "in clear":

The client accepts a config file using the -c <filename> parameter. I'm using this to setup things. With new domains whitelisted, I had to create a new certificate – so I've setup my config file, putting the host names in the domain = name, altname1, altname2 line. On call, the client crashed:

Error: [('asn1 encoding routines', 'ASN1_mbstring_ncopy', 'string too long')]

Bad thing, as wildcards are not permitted and the cert (in this case) must hold all the names. Figured I can work around this via the -d command-line parameter (-d name -d altname1 -d altname2), and the cert was created fine. Checked the .conf file in /etc/letsencrypt/renewal – and found the domain = line being exactly as quoted above.

Verdict: this limitation just applies to the -c <config> file, but not to the renewal config file. Work-around exists as described – but it still would be nice to see this fixed.

[jmhodges]

They actually misled you in that other ticket with an incorrect link. You want to post this in the client repo at https://github.com/letsencrypt/letsencrypt/issues

This is the server side code.

[IzzySoft]

Yuck. OK, "All good things are 3" 🙈 – And thanks!

[jmhodges]

Yeah, sorry for that!

[IzzySoft]

@jmhodges No prob. And btw, number 3 pointed to the correct explanation:

Setting values in the configuration file is like setting them on the command line. On the command line, you have to specify the domain flag for each domain.

So: in that "user config", one needs a separate domains = line for each domain. So it's not a bug, but "missing documentation" ;)