Acme::Client::Error::RejectedIdentifier: NewOrder request did not include a SAN short enough to fit in CN
https://new-sentry.gitlab.net/organizations/gitlab/issues/442899/
Acme::Client::Error::RejectedIdentifier: NewOrder request did not include a SAN short enough to fit in CN
lib/gitlab/lets_encrypt/client.rb:14:in `new_order'
acme_order = acme_client.new_order(identifiers: [domain_name])
app/services/pages_domains/create_acme_order_service.rb:13:in `execute'
order = lets_encrypt_client.new_order(pages_domain.domain)
app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb:24:in `execute'
::PagesDomains::CreateAcmeOrderService.new(pages_domain).execute
app/workers/pages_domain_ssl_renewal_worker.rb:17:in `perform'
::PagesDomains::ObtainLetsEncryptCertificateService.new(domain).execute
lib/gitlab/database/load_balancing/sidekiq_server_middleware.rb:26:in `call'
yield
...
(99 additional frame(s) were not displayed)
NewOrder request did not include a SAN short enough to fit in CN
Implementation Guide
Update ObtainLetsEncryptCertificateService
to avoid calling ::PagesDomains::CreateAcmeOrderService
if domain length is greater than the allowable limit specified by Let's Encrypt (64 at time of writing).
Edited by John Hope