From 55f464014ac9357ef2cb97c3aa8f96fb662da460 Mon Sep 17 00:00:00 2001
From: Dan Jensen <djensen@addfour.co>
Date: Thu, 25 Jan 2018 14:22:08 -0800
Subject: [PATCH] Fix CSR generation

Change -subj value passed to OpenSSL to comply with newer
versions (similar to a52c56e).
Switch order of the country and domain inputs.
Both changes are to avoid the "Something went wrong" error.
---
 CHANGELOG.md                   |  2 ++
 management/ssl_certificates.py |  2 +-
 management/templates/ssl.html  | 12 ++++++------
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9d0e757c..540a30bc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
 CHANGELOG
 =========
 
+* Fix CSR generation bug by updating the `-subj` value passed to `openssl`, and changing the input order.
+
 v0.26b (January 25, 2018)
 -------------------------
 
diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py
index 19d02dee..c6b5080f 100755
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -556,7 +556,7 @@ def create_csr(domain, ssl_key, country_code, env):
                 "openssl", "req", "-new",
                 "-key", ssl_key,
                 "-sha256",
-                "-subj", "/C=%s/ST=/L=/O=/CN=%s" % (country_code, domain)])
+                "-subj", "/C=%s/CN=%s" % (country_code, domain)])
 
 def install_cert(domain, ssl_cert, ssl_chain, env, raw=False):
 	# Write the combined cert+chain to a temporary path and validate that it is OK.
diff --git a/management/templates/ssl.html b/management/templates/ssl.html
index 0cc4d59a..1ec93a32 100644
--- a/management/templates/ssl.html
+++ b/management/templates/ssl.html
@@ -57,12 +57,6 @@
 
 <p>If you don't want to use our automatic Let's Encrypt integration, you can give any other certificate provider a try. You can generate the needed CSR below.</p>
 
-<p>Which domain are you getting a certificate for?</p>
-
-<p><select id="ssldomain" onchange="show_csr()" class="form-control" style="width: auto"></select></p>
-
-<p>(A multi-domain or wildcard certificate will be automatically applied to any domains it is valid for besides the one you choose above.)</p>
-
 <p>What country are you in? This is required by some TLS certificate providers. You may leave this blank if you know your TLS certificate provider doesn't require it.</p>
 
 <p><select id="sslcc" onchange="show_csr()" class="form-control" style="width: auto">
@@ -72,6 +66,12 @@
 	{% endfor %}
 </select></p>
 
+<p>Which domain are you getting a certificate for?</p>
+
+<p><select id="ssldomain" onchange="show_csr()" class="form-control" style="width: auto"></select></p>
+
+<p>(A multi-domain or wildcard certificate will be automatically applied to any domains it is valid for besides the one you choose above.)</p>
+
 <div id="csr_info" style="display: none">
   <p>You will need to provide the certificate provider this Certificate Signing Request (CSR):</p>