Create a certificate with subject
Per best practice, Buypass AS has removed the generation of a default Subject in certificates where this is not specified. Eg. Certbot does not create a CSR with this CN (Subject) specified.
If one would like to force this, one must generate a CSR prior to requesting the certificate using the ACME protocol and eg. Certbot. Which can be done as shown below, by generating keys and a CSR where one specifies the CN/Subject. Then one can request a certificate using Certbot.
<USERNAME>@<HOSTNAME>:~$ openssl req -new -newkey rsa:2048 -nodes -keyout your-domain.key -out your-domain.csr Generating a 2048 bit RSA private key ......................................................+++..............................+++ writing new private key to 'your-domain.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:<COUNTRY> State or Province Name (full name) [Some-State]:<STATE> Locality Name (eg, city) :<CITY> Organization Name (eg, company) [Internet Widgits Pty Ltd]:<COMPANY NAME> Organizational Unit Name (eg, section) :<UNIT NAME> Common Name (e.g. server FQDN or YOUR name) :<FQDN_WHICH_BECOMES_SUBJECT> Email Address :<EMAIL> Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
To request a certificate with a specified CSR, use the following certbot command.
/opt/certbot/certbot-auto certonly --nginx --csr your-domain.csr --server "https://api.buypass.com/acme/directory/"
To inspect and verify the CSR, use the following command from the openssl tool suite.
<USERNAME>@<HOSTNAME>:~$ openssl req -in your-domain.csr -noout -text Certificate Request: Data: Version: 0 (0x0) Subject: C=<COUNTRY>, ST=<STATE>, L=<CITY>, O=<COMPANY NAME>, OU=<UNIT NAME>, CN=<FQDN_WHICH_BECOMES_SUBJECT>/emailAddress=<EMAIL> Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit)