diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d0e757c..540a30bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ CHANGELOG ========= +* Fix CSR generation bug by updating the `-subj` value passed to `openssl`, and changing the input order. + v0.26b (January 25, 2018) ------------------------- diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py index 19d02dee..c6b5080f 100755 --- a/management/ssl_certificates.py +++ b/management/ssl_certificates.py @@ -556,7 +556,7 @@ def create_csr(domain, ssl_key, country_code, env): "openssl", "req", "-new", "-key", ssl_key, "-sha256", - "-subj", "/C=%s/ST=/L=/O=/CN=%s" % (country_code, domain)]) + "-subj", "/C=%s/CN=%s" % (country_code, domain)]) def install_cert(domain, ssl_cert, ssl_chain, env, raw=False): # Write the combined cert+chain to a temporary path and validate that it is OK. diff --git a/management/templates/ssl.html b/management/templates/ssl.html index 0cc4d59a..1ec93a32 100644 --- a/management/templates/ssl.html +++ b/management/templates/ssl.html @@ -57,12 +57,6 @@
If you don't want to use our automatic Let's Encrypt integration, you can give any other certificate provider a try. You can generate the needed CSR below.
-Which domain are you getting a certificate for?
- - - -(A multi-domain or wildcard certificate will be automatically applied to any domains it is valid for besides the one you choose above.)
-What country are you in? This is required by some TLS certificate providers. You may leave this blank if you know your TLS certificate provider doesn't require it.
+Which domain are you getting a certificate for?
+ + + +(A multi-domain or wildcard certificate will be automatically applied to any domains it is valid for besides the one you choose above.)
+