drop the CSR_COUNTRY setting and ask within the control panel

management/csr_country_codes.tsv

@@ -0,0 +1,253 @@
+# This list is derived from https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
+# The columns are ISO_3166-1_alpha-2 code, display name, Wikipedia page name.
+# The top 21 countries by number of Internet users are grouped first, see
+# https://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users.
+CN	China	
+IN	India	
+US	United States	
+JP	Japan	
+BR	Brazil	
+RU	Russian Federation	Russia
+DE	Germany	
+NG	Nigeria	
+GB	United Kingdom	
+FR	France	
+MX	Mexico	
+EG	Egypt	
+KR	South Korea
+VN	Vietnam
+ID	Indonesia	
+PH	Philippines	
+TR	Turkey	
+IT	Italy	
+PK	Pakistan	
+ES	Spain	
+CA	Canada	
+AD	Andorra	
+AE	United Arab Emirates	
+AF	Afghanistan	
+AG	Antigua and Barbuda	
+AI	Anguilla	
+AL	Albania	
+AM	Armenia	
+AO	Angola	
+AQ	Antarctica	
+AR	Argentina	
+AS	American Samoa	
+AT	Austria	
+AU	Australia	
+AW	Aruba	
+AX	Åland Islands	
+AZ	Azerbaijan	
+BA	Bosnia and Herzegovina	
+BB	Barbados	
+BD	Bangladesh	
+BE	Belgium	
+BF	Burkina Faso	
+BG	Bulgaria	
+BH	Bahrain	
+BI	Burundi	
+BJ	Benin	
+BL	Saint Barthélemy	
+BM	Bermuda	
+BN	Brunei
+BO	Bolivia
+BQ	Bonaire, Sint Eustatius and Saba	Caribbean Netherlands
+BS	Bahamas	The Bahamas
+BT	Bhutan	
+BV	Bouvet Island	
+BW	Botswana	
+BY	Belarus	
+BZ	Belize	
+CC	Cocos (Keeling) Islands	
+CD	Congo, the Democratic Republic of the	Democratic Republic of the Congo
+CF	Central African Republic	
+CG	Congo	Republic of the Congo
+CH	Switzerland	
+CI	Côte d'Ivoire	
+CK	Cook Islands	
+CL	Chile	
+CM	Cameroon	
+CO	Colombia	
+CR	Costa Rica	
+CU	Cuba	
+CV	Cabo Verde	
+CW	Curaçao	
+CX	Christmas Island	
+CY	Cyprus	
+CZ	Czech Republic	
+DJ	Djibouti	
+DK	Denmark	
+DM	Dominica	
+DO	Dominican Republic	
+DZ	Algeria	
+EC	Ecuador	
+EE	Estonia	
+EH	Western Sahara	
+ER	Eritrea	
+ET	Ethiopia	
+FI	Finland	
+FJ	Fiji	
+FK	Falkland Islands (Malvinas)	Falkland Islands
+FM	Federated States of Micronesia
+FO	Faroe Islands	
+GA	Gabon	
+GD	Grenada	
+GE	Georgia	Georgia (country)
+GF	French Guiana	
+GG	Guernsey	
+GH	Ghana	
+GI	Gibraltar	
+GL	Greenland	
+GM	Gambia	The Gambia
+GN	Guinea	
+GP	Guadeloupe	
+GQ	Equatorial Guinea	
+GR	Greece	
+GS	South Georgia and the South Sandwich Islands	
+GT	Guatemala	
+GU	Guam	
+GW	Guinea-Bissau	
+GY	Guyana	
+HK	Hong Kong	
+HM	Heard Island and McDonald Islands	
+HN	Honduras	
+HR	Croatia	
+HT	Haiti	
+HU	Hungary	
+IE	Ireland	Republic of Ireland
+IL	Israel	
+IM	Isle of Man	
+IO	British Indian Ocean Territory	
+IQ	Iraq	
+IR	Iran
+IS	Iceland	
+JE	Jersey	
+JM	Jamaica	
+JO	Jordan	
+KE	Kenya	
+KG	Kyrgyzstan	
+KH	Cambodia	
+KI	Kiribati	
+KM	Comoros	
+KN	Saint Kitts and Nevis	
+KP	North Korea
+KW	Kuwait	
+KY	Cayman Islands	
+KZ	Kazakhstan	
+LA	Laos
+LB	Lebanon	
+LC	Saint Lucia	
+LI	Liechtenstein	
+LK	Sri Lanka	
+LR	Liberia	
+LS	Lesotho	
+LT	Lithuania	
+LU	Luxembourg	
+LV	Latvia	
+LY	Libya	
+MA	Morocco	
+MC	Monaco	
+MD	Moldova
+ME	Montenegro	
+MF	Saint Martin (French part)	Collectivity of Saint Martin
+MG	Madagascar	
+MH	Marshall Islands	
+MK	Macedonia	Republic of Macedonia
+ML	Mali	
+MM	Myanmar	
+MN	Mongolia	
+MO	Macao	Macau
+MP	Northern Mariana Islands	
+MQ	Martinique	
+MR	Mauritania	
+MS	Montserrat	
+MT	Malta	
+MU	Mauritius	
+MV	Maldives	
+MW	Malawi	
+MY	Malaysia	
+MZ	Mozambique	
+NA	Namibia	
+NC	New Caledonia	
+NE	Niger	
+NF	Norfolk Island	
+NI	Nicaragua	
+NL	Netherlands	
+NO	Norway	
+NP	Nepal	
+NR	Nauru	
+NU	Niue	
+NZ	New Zealand	
+OM	Oman	
+PA	Panama	
+PE	Peru	
+PF	French Polynesia	
+PG	Papua New Guinea	
+PL	Poland	
+PM	Saint Pierre and Miquelon	
+PN	Pitcairn	Pitcairn Islands
+PR	Puerto Rico	
+PS	Palestine	State of Palestine
+PT	Portugal	
+PW	Palau	
+PY	Paraguay	
+QA	Qatar	
+RE	Réunion	
+RO	Romania	
+RS	Serbia	
+RW	Rwanda	
+SA	Saudi Arabia	
+SB	Solomon Islands	
+SC	Seychelles	
+SD	Sudan	
+SE	Sweden	
+SG	Singapore	
+SH	Saint Helena, Ascension and Tristan da Cunha	
+SI	Slovenia	
+SJ	Svalbard and Jan Mayen	
+SK	Slovakia	
+SL	Sierra Leone	
+SM	San Marino	
+SN	Senegal	
+SO	Somalia	
+SR	Suriname	
+SS	South Sudan	
+ST	Sao Tome and Principe
+SV	El Salvador	
+SX	Sint Maarten (Dutch part)	Sint Maarten
+SY	Syria
+SZ	Swaziland	
+TC	Turks and Caicos Islands	
+TD	Chad	
+TF	French Southern Territories	French Southern and Antarctic Lands
+TG	Togo	
+TH	Thailand	
+TJ	Tajikistan	
+TK	Tokelau	
+TL	Timor-Leste	East Timor
+TM	Turkmenistan	
+TN	Tunisia	
+TO	Tonga	
+TT	Trinidad and Tobago	
+TV	Tuvalu	
+TW	Taiwan	
+TZ	Tanzania
+UA	Ukraine	
+UG	Uganda	
+UM	United States Minor Outlying Islands	
+UY	Uruguay	
+UZ	Uzbekistan	
+VA	Vatican City
+VC	Saint Vincent and the Grenadines	
+VE	Venezuela
+VG	Virgin Islands, British	British Virgin Islands
+VI	Virgin Islands, U.S.	United States Virgin Islands
+VU	Vanuatu	
+WF	Wallis and Futuna	
+WS	Samoa	
+YE	Yemen	
+YT	Mayotte	
+ZA	South Africa	
+ZM	Zambia	
+ZW	Zimbabwe	

management/daemon.py

@@ -28,6 +28,14 @@ try:
 except OSError:
 	pass
 
+# for generating CSRs we need a list of country codes
+csr_country_codes = []
+with open(os.path.join(os.path.dirname(me), "csr_country_codes.tsv")) as f:
+	for line in f:
+		if line.strip() == "" or line.startswith("#"): continue
+		code, name = line.strip().split("\t")[0:2]
+		csr_country_codes.append((code, name))
+
 app = Flask(__name__, template_folder=os.path.abspath(os.path.join(os.path.dirname(me), "templates")))
 
 # Decorator to protect views that require a user with 'admin' privileges.
@@ -101,9 +109,12 @@ def index():
 	return render_template('index.html',
 		hostname=env['PRIMARY_HOSTNAME'],
 		storage_root=env['STORAGE_ROOT'],
+
 		no_users_exist=no_users_exist,
 		no_admins_exist=no_admins_exist,
+
 		backup_s3_hosts=backup_s3_hosts,
+		csr_country_codes=csr_country_codes,
 	)
 
 @app.route('/me')
@@ -321,7 +332,7 @@ def dns_get_dump():
 def ssl_get_csr(domain):
 	from ssl_certificates import create_csr
 	ssl_private_key = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_private_key.pem'))
-	return create_csr(domain, ssl_private_key, env)
+	return create_csr(domain, ssl_private_key, request.form.get('countrycode', ''), env)
 
 @app.route('/ssl/install', methods=['POST'])
 @authorized_personnel_only

management/ssl_certificates.py

@@ -137,12 +137,12 @@ def get_domain_ssl_files(domain, ssl_certificates, env, allow_missing_cert=False
 
 	return cert_info['private-key'], cert_info['certificate'], via
 
-def create_csr(domain, ssl_key, env):
+def create_csr(domain, ssl_key, country_code, env):
 	return shell("check_output", [
                 "openssl", "req", "-new",
                 "-key", ssl_key,
                 "-sha256",
-                "-subj", "/C=%s/ST=/L=/O=/CN=%s" % (env["CSR_COUNTRY"], domain)])
+                "-subj", "/C=%s/ST=/L=/O=/CN=%s" % (country_code, domain)])
 
 def install_cert(domain, ssl_cert, ssl_chain, env):
 	# Write the combined cert+chain to a temporary path and validate that it is OK.

management/templates/ssl.html

@@ -28,6 +28,15 @@
 
 <p><select id="ssldomain" onchange="show_csr()" class="form-control" style="width: auto"></select></p>
 
+<p>What country are you in? This is required by some SSL certificate providers. You may leave this blank if you know your SSL certificate provider doesn't require it.</p>
+
+<p><select id="sslcc" onchange="show_csr()" class="form-control" style="width: auto">
+	<option value="">(Select)</option>
+	{% for code, name in csr_country_codes %}
+		<option value="{{code}}">{{name}}</option>
+	{% endfor %}
+</select></p>
+
 <div id="csr_info" style="display: none">
   <p>You will need to provide the SSL certificate provider this Certificate Signing Request (CSR):</p>
 
@@ -94,6 +103,7 @@ function show_csr() {
     "/ssl/csr/" + $('#ssldomain').val(),
     "POST",
     {
+        countrycode: $('#sslcc').val()
     },
     function(data) {
       $('#ssl_csr').text(data);