[SOLVED] The CSR used when ordering a certificate is invalid. Please recheck your CSR

So I deployed another MIAB, but this time when I use AlphaSSL with the MIAB generated CSR, AlphaSSL Wildcard Certificate (3 Year) returns an Invalid CSR error.

Please Help. What are the options for CSR? Can I take a wildcard certificate that has been issued and somehow change the CSR or is there a way to modify the CSR to be valid and reissue a certificate?

I read all the other posts about SSL CSR’s. It seems that a suggestion to overwrite the CSR’s generated by MIAB admin panel is the way to use a wildcard SSL. However, @JoshData indicated in an older post that it is not using the “stock” CSR located in:


@h8h suggesting generating a new CSR on the command line and then overwriting the above file, but if MIAB admin doesn’t use it anyway, how will this work?

Under the SSL Certificates Menu in the Admin panel, it indicates:

“A multi-domain or wildcard certificate will be automatically applied to any domains it is valid for.”

But how can this work if @JoshData indicates that you can’t generate a wildcard CSR?

I don’t seem to have a directory under** /home/user-data/ssl/example.com/**

However, I DO have a file named /home/user-data/ssl/cert_sign_req.csr that “seems” like it is the same as what is populated in the admin panel. I sure wish @JoshData would just tell me what file to replace when I populate a new csr using openssl command with an *.example.com if this is the way to replace CSR on the MIAB machine.

I sure wish @JoshData would just tell me what file to replace

If you make your own CSR, the box doesn’t need to know about it. You can ignore the CSR the box gives you and use your own so long as it’s based on the private key on the box, and you can install the certificate you get using the admin panel like normal.

If you think the problem with Alpha SSL is a bug in Mail-in-a-Box, please open an issue on github and paste the buggy CSR there.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.