This queue is for tickets about the Crypt-LE CPAN distribution.

Report information
The Basics
Id: 125389
Status: resolved
Priority: 0/
Queue: Crypt-LE

People
Owner: Nobody in particular
Requestors: BSTERN [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.31
Fixed in: 0.30



Subject: Wildcard domains not supported
Let's Encrypt now offers wildcard certificates, but Crypt::LE doesn't support asking for them.

le.pl --key account.key --email "letsencrypt@example.org" --csr domain.csr --csr-key domain.csr.key --crt domain.crt --generate-missing --domains "example.org,*.example.org,example.net,*.example.net"

2018/05/24 01:13:50 [ ZeroSSL Crypt::LE client v0.31 started. ]
2018/05/24 01:13:50 Loading an account key from account.key
2018/05/24 01:13:50 Generating a new CSR for domains example.org,*.example.org,example.net,*.example.net
2018/05/24 01:13:50 New CSR will be based on 'domain.key' key
2018/05/24 01:13:50 Saving a new CSR into domain.csr
2018/05/24 01:13:51 Registering the account key
2018/05/24 01:13:51 The key is already registered. ID: XXXXXXX
2018/05/24 01:13:51 Make sure to check TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2018/05/24 01:13:52 Some domains failed
*.example.net: Error creating new authz :: Wildcard names not supported
*.example.org: Error creating new authz :: Wildcard names not supported

I asked for my domains, of course, not example.org, but otherwise the command line was the same.

Hello,

Wildcards are actually supported. If you run the client with --help option, you will see an example outlining exactly that:

===
f) To issue a wildcard certificate, which requires DNS verification:

le.pl --key account.key --csr domain.csr --csr-key domain.key --crt domain.crt --domains "*.domain.ext" --generate-missing --handle-as dns --api 2
===

It is also mentioned on both ZeroSSL site and in the GitHub documentation that wildcard certificate issuance requires DNS verification and the use of API v2.0.

I will probably add a section regarding the client into the library documentation as well and will catch such case specifically to either give a recommendation to use appropriate keys or just switch to DNS and API v2.0 in the presence of any * in the domains list.

So basically in your command you just need to add "--handle-as dns --api 2" part.

I hope that helps.

On Thu May 24 02:19:04 2018, BSTERN wrote:
> Let's Encrypt now offers wildcard certificates, but Crypt::LE doesn't
> support asking for them.
>
> le.pl --key account.key --email "letsencrypt@example.org" --csr
> domain.csr --csr-key domain.csr.key --crt domain.crt
> --generate-missing --domains
> "example.org,*.example.org,example.net,*.example.net"
>
> 2018/05/24 01:13:50 [ ZeroSSL Crypt::LE client v0.31 started. ]
> 2018/05/24 01:13:50 Loading an account key from account.key
> 2018/05/24 01:13:50 Generating a new CSR for domains
> example.org,*.example.org,example.net,*.example.net
> 2018/05/24 01:13:50 New CSR will be based on 'domain.key' key
> 2018/05/24 01:13:50 Saving a new CSR into domain.csr
> 2018/05/24 01:13:51 Registering the account key
> 2018/05/24 01:13:51 The key is already registered. ID: XXXXXXX
> 2018/05/24 01:13:51 Make sure to check TOS at
> https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
> 2018/05/24 01:13:52 Some domains failed
> *.example.net: Error creating new authz :: Wildcard names not
> supported
> *.example.org: Error creating new authz :: Wildcard names not
> supported
>
> I asked for my domains, of course, not example.org, but otherwise the
> command line was the same.
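
The check the reply describes (any * in the domains list requires "--handle-as dns --api 2") can be run before calling le.pl. The script below is an added example, not part of this ticket or of Crypt::LE. The function names are hypothetical, and the _acme-challenge record naming is taken from the ACME specification (RFC 8555), not from this page.

```sh
#!/bin/sh
# Added example (not Crypt::LE code): pre-flight checks for a le.pl command line.

# Succeeds if the comma-separated list contains a wildcard name ("*.something").
has_wildcard() {
    case "$1" in
        '*.'*|*',*.'*) return 0 ;;
    esac
    return 1
}

# check_le_args DOMAINS [le.pl options...]
# Prints "ok", or the options the reply says a wildcard request needs.
# Assumption: only the space-separated form ("--api 2") is recognised.
check_le_args() {
    local domains handle api prev arg missing
    domains=$1; shift
    handle=''; api=''; prev=''; missing=''
    for arg in "$@"; do
        case "$prev" in
            --handle-as) handle=$arg ;;
            --api)       api=$arg ;;
        esac
        prev=$arg
    done
    if has_wildcard "$domains"; then
        [ "$handle" = dns ] || missing="$missing --handle-as dns"
        [ "$api" = 2 ]      || missing="$missing --api 2"
    fi
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo ok
}

# Lists the DNS names that must carry the validation TXT record.
# Per RFC 8555 the "*." prefix is dropped, so example.org and
# *.example.org are both validated at _acme-challenge.example.org.
challenge_records() (
    set -f      # stop the shell glob-expanding "*.example.org"
    IFS=,
    for name in $1; do
        printf '_acme-challenge.%s\n' "${name#\*.}"
    done | sort -u
)

# Constructed demo using the domain list from the report above.
DOMAINS='example.org,*.example.org,example.net,*.example.net'
check_le_args "$DOMAINS" --key account.key --csr domain.csr || true
challenge_records "$DOMAINS"
```

For the reporter's command line this prints the two missing options and then the two record names that need TXT entries, one per base domain.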