Uploaded image for project: 'TrueNAS'
  1. TrueNAS
  2. NAS-105708

ACME validation fails for CSRs containing a SAN

    XMLWordPrintable

    Details

      Description

      WebUI throws an error when trying to "Create ACME Certificate" for a CSR containing a SAN. For every entry in the subject alternative names section of the CSR the error is:

      [EINVAL] acme_create.dns_mapping: Please provide DNS authenticator id for DNS:b.mydomain.com

      I can confirm that the process works well for CSRs containing just a single CN, including wildcards—thank you.

      See the call stack:

      Error: Traceback (most recent call last):
        File "/usr/local/lib/python3.7/site-packages/middlewared/job.py", line 349, in run
          await self.future
        File "/usr/local/lib/python3.7/site-packages/middlewared/job.py", line 386, in __run_body
          rv = await self.method(*([self] + args))
        File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 961, in nf
          return await f(*args, **kwargs)
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/crypto.py", line 1258, in do_create
          job, data
        File "/usr/local/lib/python3.7/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
          return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
        File "/usr/local/lib/python3.7/site-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
          result = self.fn(*self.args, **self.kwargs)
        File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 965, in nf
          return f(*args, **kwargs)
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/crypto.py", line 1304, in __create_acme_certificate
          final_order = self.acme_issue_certificate(job, 25, data, csr_data)
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/crypto.py", line 968, in acme_issue_certificate
          raise verrors
      middlewared.service_exception.ValidationErrors: [EINVAL] acme_create.dns_mapping: Please provide DNS authenticator id for DNS:b.mydomain.com

        Attachments

          Attachments

            JEditor

              Activity

                People

                Assignee:
                dmullen Dennis Mullen
                Reporter:
                rafal Rafal Lukawiecki
                Watchers:
                Bug Clerk, Dennis Mullen, Rafal Lukawiecki, Waqar Ahmed
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                  Dates

                  Due:
                  Created:
                  Updated:
                  Resolved: