Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support simplified issuance for very long domain names at Let's Encrypt #2054

Merged
merged 2 commits into from
Jan 26, 2024
Merged

feat: support simplified issuance for very long domain names at Let's Encrypt #2054

merged 2 commits into from
Jan 26, 2024

Conversation

MartinWeindel
Copy link
Contributor

@MartinWeindel MartinWeindel commented Nov 16, 2023
edited by ldez
Loading

Let's encrypt will support certificates without common name starting at 2023-11-29. Details see in this announcement. It allows to create certificates for domains longer than 64 characters without needing to set the common name to a shorter domain name.

This PR makes small adjustments to the certificate ordering to reflect the new possibility. The common name is only set if the first domain name is shorter or equal than 64 characters. Therefore the change should be compatible with the current usage.

Note: The new behaviour can already be tested on the staging server (https://acme-staging-v02.api.letsencrypt.org/directory)

Fixes #2049

@MartinWeindel MartinWeindel mentioned this pull request Nov 16, 2023
Merged
@ldez

This comment was marked as off-topic.

Sign in to view
@ldez ldez closed this Nov 16, 2023
@ldez ldez added the declined label Nov 16, 2023
@ldez
Copy link
Member

ldez commented Nov 16, 2023
edited
Loading

I was confused by this change https://github.com/go-acme/lego/pull/2054/files#diff-49d368acbbb16528a9b447c4cbb44c3901b0636333a15e42117bc5184a28ec5cR284

But this PR is incomplete, I will add the missing pieces.

@ldez ldez reopened this Nov 16, 2023
@ldez ldez self-requested a review November 16, 2023 13:02
@MartinWeindel
Copy link
Contributor Author

But this PR is incomplete, I will add the missing pieces.

@ldez Can I help with the "missing pieces"? What exactly is missing?

@ldez ldez added this to the v4.15 milestone Jan 12, 2024
@ldez ldez force-pushed the common-name-not-mandatory branch 2 times, most recently from a1d2d95 to 882020a Compare January 25, 2024 00:11
ldez
ldez approved these changes Jan 26, 2024
View reviewed changes
Copy link
Member

@ldez ldez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ldez ldez enabled auto-merge (squash) January 26, 2024 22:59
@ldez ldez changed the title Support simplified issuance for very long domain names at Let's Encrypt feat: support simplified issuance for very long domain names at Let's Encrypt Jan 26, 2024
@ldez ldez merged commit d263a28 into go-acme:master Jan 26, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ldez ldez ldez approved these changes

Assignees
No one assigned
Labels
area/lib enhancement
Milestone
v4.15
Development

Successfully merging this pull request may close these issues.

Don't create CSRs with a Common Name that is longer than 64 bytes
2 participants
@MartinWeindel @ldez