  File "/home/travis/build/kuba/simp_le/simp_le.py", line 180, in <genexpr>
    value=b', '.join(b'DNS:' + d for d in domains)
TypeError: can't concat bytes to str
|
Will this be merged soon or is the csr branch safe to use in production? The latest version of nginx supports multiple certificate types so I'm just waiting on a way to generate the certificates. |
|
I'm hoping to merge this soon. I've been distracted from this for a little while, so I don't remember what's left to be done. Maybe it's production ready and I was just afraid of breaking users... |
|
I ended up trying to use this branch, but seem to be stuck with an "Error unmarshaling certificate request" from acme when trying to use a CSR with an ECDSA key. Searching the LE forums seems to indicate this is caused if you have a missing extension request, but I have SAN in there so I'm not sure what's happening. The CSR is pretty simple - one hostname, secp256k1, SHA256. The same settings with an RSA key worked fine. I tried adding explicit secp256k1 parameters but this didn't help. In case it's my mistake, it would be a nice feature to add client-side validation of the certificate to explain what exactly is missing (on that note, a missing SAN throws an assert instead of a descriptive message).
Update: Fixed! I was using secp256k1 when I should have been using prime256v1. |
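The client-side CSR validation suggested in the comment above, as an added example that is not part of the thread or of simp_le. It uses the Python `cryptography` package; `check_csr`, `make_csr` and the accepted-curve set are assumptions of this example.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, rsa
from cryptography.x509.oid import NameOID

# Assumption: curves the CA accepts. The thread only confirms that prime256v1
# (named secp256r1 by the cryptography package) works and secp256k1 does not.
ACCEPTED_CURVES = {"secp256r1", "secp384r1"}
# OpenSSL-style names used by the demo helper below.
CURVES = {"prime256v1": ec.SECP256R1, "secp256k1": ec.SECP256K1}


def check_csr(pem):
    """Return a list of human-readable problems; an empty list means OK."""
    csr = x509.load_pem_x509_csr(pem)
    problems = []
    if not csr.is_signature_valid:
        problems.append("CSR self-signature does not verify")
    key = csr.public_key()
    if isinstance(key, ec.EllipticCurvePublicKey):
        if key.curve.name not in ACCEPTED_CURVES:
            problems.append("unsupported EC curve %s" % key.curve.name)
    elif not isinstance(key, rsa.RSAPublicKey):
        problems.append("unsupported key type")
    try:
        san = csr.extensions.get_extension_for_class(
            x509.SubjectAlternativeName).value
        if not san.get_values_for_type(x509.DNSName):
            problems.append("subjectAltName has no DNS names")
    except x509.ExtensionNotFound:
        problems.append("no subjectAltName extension request in CSR")
    return problems


def make_csr(curve_name, names):
    """Build a throwaway PEM CSR (constructed sample input for the demo)."""
    key = ec.generate_private_key(CURVES[curve_name]())
    builder = x509.CertificateSigningRequestBuilder().subject_name(
        x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.com")]))
    if names:
        builder = builder.add_extension(
            x509.SubjectAlternativeName([x509.DNSName(n) for n in names]),
            critical=False)
    return builder.sign(key, hashes.SHA256()).public_bytes(
        serialization.Encoding.PEM)


if __name__ == "__main__":
    for curve, names in [("prime256v1", ["example.com"]),
                         ("secp256k1", ["example.com"]), ("prime256v1", [])]:
        print(curve, names, "->", check_csr(make_csr(curve, names)) or "OK")
```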
This PR substantially changes API for simp_le and will break existing customers:

* -f key.pem (or -f key.der) it accepts -f csr.pem (-f csr.der) and expects the client to generate CSR (cf. examples/generate_csr.sh).
* -d.
* --default_root or -d exmaple.com:root syntax, so in case of multi-domain certificates customer is expected to arrange the file hierarchy (e.g. using symlinks).
* .well-known/acme-challenge (fixes Allow exact webroot path without appending .well-known/acme-challenge/ #53).

It's not yet ready, but I hope to get it finished in O(week). Posting it here in advance, so that interested parties get an early notification about breaking changes.