The order of domains can be changed during the certificate generation by Traefik, lego, or the ACME server.
The domain inside the certificates may be different from the list because it depends on your traefik configuration: traefik-certs-dumper doesn't "generate" certificates from main and sans, it just extracts them from the acme.json file.
Thanks. When I check a certificate with Firefox I see the "Common Name" and the "Subject Alt Names": those are, I suppose, the `Subject: CN` and `X509v3 Subject Alternative Name:` I get from the output of `openssl x509 -text -noout -in mycert.pem`.
I would expect a 1:1 relationship between these 2 fields and the main and sans in the Traefik acme-http.json file.
Since you just extract the certificate (yes, I've got that) that is probably not true?
There is no identity between main/sans and Subject/Subject Alt Names because, in the internals of Traefik, lego, and the ACME server, there is only a list of domains without real order.
There is no identity between main/sans in the Traefik configuration and the acme.json file because the domains are re-ordered during the certificate generation process.
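The comparison implied by the reply above, as an added example that is not part of the thread or of traefik-certs-dumper: it treats `domain.main` plus `domain.sans` and the certificate's SAN list as unordered sets and reports separately whether the CN happens to equal `main`. The resolver name `myresolver`, the extra domain names and both sample inputs are constructed; the `Certificates` / `domain` layout is assumed to be the one Traefik v2 writes.

```python
import json
import re

# Constructed sample: one resolver entry in the shape Traefik v2 writes to
# acme.json (certificate/key blobs omitted; only the domain block matters here).
ACME_JSON = """
{"myresolver": {"Certificates": [
  {"domain": {"main": "servizi.example.com",
              "sans": ["api.example.com", "www.example.com"]}}
]}}
"""

# Constructed sample of `openssl x509 -text -noout` output for the dumped cert.
OPENSSL_TEXT = """
        Subject: CN = api.example.com
            X509v3 Subject Alternative Name:
                DNS:api.example.com, DNS:servizi.example.com, DNS:www.example.com
"""

def stored_domains(acme_text):
    """Yield (main, set of main+sans) for every certificate entry."""
    for resolver in json.loads(acme_text).values():
        for entry in resolver.get("Certificates") or []:
            dom = entry["domain"]
            yield dom["main"], {dom["main"], *(dom.get("sans") or [])}

def cert_names(openssl_text):
    """Return (CN or None, set of DNS SANs) parsed from openssl text output."""
    cn = re.search(r"Subject:.*?CN\s*=\s*([^,/\n]+)", openssl_text)
    sans = set(re.findall(r"DNS:([^,\s]+)", openssl_text))
    return (cn.group(1).strip() if cn else None), sans

def compare(acme_text, openssl_text):
    """Compare as unordered sets; report whether CN equals domain.main."""
    cn, sans = cert_names(openssl_text)
    report = []
    for main, names in stored_domains(acme_text):
        report.append({
            "main": main,
            "same_domain_set": names == sans,
            "cn_is_main": cn == main,
            "missing_in_cert": sorted(names - sans),
            "extra_in_cert": sorted(sans - names),
        })
    return report

if __name__ == "__main__":
    for row in compare(ACME_JSON, OPENSSL_TEXT):
        print(row)
```

A non-empty `missing_in_cert` or `extra_in_cert` is the result worth investigating; `cn_is_main` being false on its own only reflects domain ordering.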
I've just executed

(traefik 2.10.7)

then if I inspect one of the dumped certs

I see, as expected, my long list of SANs, but:

the `Subject: CN` is not `servizi.example.com` used in the filename: well, no problem with that, but I'm just curious if it is not a bug (or, worse for me, some issues with my `acme-http.json` ... we are having issues with it)

I was expecting that in the file `acme-http.json` the `domain.main` would be what I would find in `Subject: CN` once the certificate is dumped, and also the domains in `domain.sans` would be exactly the SANs in the certificate's `X509v3 Subject Alternative Name:`, and this is not true.

In detail, if in `acme-http.json` I have

then in the output of `openssl x509 -text -noout -in ./dump/acme-http/certs/servizi.example.com.crt` I have

is it just me?

(many thanks for your notes on the internet about the issue with Traefik upgrade 2.8 => 2.9/10 and the `LEGO_DISABLE_CNAME_SUPPORT=true` .... we struggled a week till we hit your feeds!)