Generate CSR for an other certificate provider


I updated from 23a to 24 last week and don’t experienced any problems.
Also lots of clients did not complain about anything. So far so good :wink:

Today I wanted to extend the Certificate at Gandi
I go to the mailinabox web interface -> System -> TLS (SSL) Certificates looking for my CSR
I get the error message something has wrong

In the section… You will need to provide the certificate provider this Certificate Signing Request (CSR):
I only see Loading… instead of my CSR

In the /var/log/syslog I found this:

Oct 16 15:42:33 mail Exception on /ssl/csr/ [POST]#012Traceback (most recent call last):#012 File "/usr/lib/python3/dist-packages/flask/", line 1817, in wsgi_app#012 response = self.full_dispatch_request()#012 File "/usr/lib/python3/dist-packages/flask/", line 1477, in full_dispatch_request#012 rv = self.handle_user_exception(e)#012 File "/usr/lib/python3/dist-packages/flask/", line 1381, in handle_user_exception#012 reraise(exc_type, exc_value, tb)#012 File "/usr/lib/python3/dist-packages/flask/", line 33, in reraise#012 raise value#012 File "/usr/lib/python3/dist-packages/flask/", line 1475, in full_dispatch_request#012 rv = self.dispatch_request()#012 File "/usr/lib/python3/dist-packages/flask/", line 1461, in dispatch_request#012 return self.view_functions[rule.endpoint](**req.view_args)#012 File "/usr/local/bin/mailinabox-daemon", line 55, in newview#012 return viewfunc(*args, **kwargs)#012 File "/usr/local/bin/mailinabox-daemon", line 363, in ssl_get_csr#012 return create_csr(domain, ssl_private_key, request.form.get('countrycode', ''), env)#012 File "/root/mailinabox/management/", line 559, in create_csr#012 "-subj", "/C=%s/ST=/L=/O=/CN=%s" % (country_code, domain)])#012 File "/root/mailinabox/management/", line 123, in shell#012 ret = getattr(subprocess, method)(cmd_args, **kwargs)#012 File "/usr/lib/python3.4/", line 620, in check_output#012 raise CalledProcessError(retcode, process.args, output=output)#012subprocess.CalledProcessError: Command '['openssl', 'req', '-new', '-key', '/home/user-data/ssl/ssl_private_key.pem', '-sha256', '-subj', '/C=/ST=/L=/O=/']' returned non-zero exit status 1

I cannot really track what the problem is and ask if there are other locations I can look for ?

I’m having the same issue. I tracked it down to an error coming from the openssl command being generated.
If you run the command from the shell you get the following:

root@email:~# openssl req -new -key /home/user-data/ssl/ssl_private_key.pem -sha256 -subj /C=US/ST=/L=/O=/
problems making Certificate Request
140019824695104:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:…/crypto/asn1/a_mbstr.c:102:minsize=1

openssl has gotten stricter about the inputs it accepts. The -subj option at

probably needs to be revised to be "/C=%s/CN=%s" instead of "/C=%s/ST=/L=/O=/CN=%s". If someone could submit this change in a pull request that’d be appreciated, including an entry in the CHANGELOG and a reference to the commit below.

We hit a related issue here:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.