DNS name too long
# /usr/local/certbot/certbot-auto certonly --webroot -w /work.work -
d
workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.wo
rkworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkw
orkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkwork
workworkworkworkworkworkworkworkworkworkwork.work
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: DNS
name too long
Please see the logfiles in /var/log/letsencrypt for more details.
Slide 31
Slide 31 text
certbot͕230จࣈҎ্Λ
ड͚͚ͳ͍
Slide 32
Slide 32 text
෦తʹJSONͷϝλใͰ
25จࣈͬͯ͠·͏ͨΊ
letsencrypt/boulder.git/policy/pa.go@126
// TODO(#3237): Right now our schema for the authz table only allows
255 characters
// for identifiers, including JSON wrapping, which takes up 25
characters. For
// now, we only allow identifiers up to 230 characters in length.
When we are
// able to do a migration to update this table, we can allow DNS
names up to
// 253 characters in length.
maxLabelLength = 63
maxDNSIdentifierLength = 230
`identifier` varchar(255) NOT NULL,
{"type":"dns","value":"example.com"}
https://community.letsencrypt.org/t/i-want-use-max-255-octet-domain/51279
Slide 33
Slide 33 text
Let’s Encrypt
͕ବͳΒ…
Slide 34
Slide 34 text
ී௨ͷ༗ྉSSLͳΒ
͍͚Μͷ͔
Slide 35
Slide 35 text
# openssl req -new -key key.pem -out key.csr
Common Name (eg, fully qualified host name)
[]:workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork
.workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workwo
rkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkw
orkworkworkworkworkworkworkworkworkworkworkwork.work
OpenSSLͰCSRൃߦ!
Slide 36
Slide 36 text
string is too long,
it needs to be less than
64 bytes long