Custom csr support in _createcsr function

[avollmaier]

Hello everyone,
is it possible to provide and then use your own csr config for signing the certificates? I believe the _createcsr function does the generation of a CSR. The problem is that it always overwrites the existing config... :(

[github-actions]

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

[avollmaier]

feature request?

[Neilpang]

why not read the wiki page first:
https://github.com/acmesh-official/acme.sh/wiki/Issue-a-cert-from-existing-CSR

[avollmaier]

because after a signcsr i cant do a posthook and transfer it into a keystore with the to-pkcs function :(

• missing domain key

[Neilpang]

https://github.com/acmesh-official/acme.sh/wiki/Using-pre-hook-post-hook-renew-hook-reloadcmd

https://github.com/acmesh-official/acme.sh/wiki/deployhooks

[avollmaier]

As i already said i got this key error when the posthook triggers... the signcsr doesnt generate a key so there is no key in the folder

/root/.acme.sh/acme.sh --signcsr --csr csr.pem --standalone --server xxxx --days 12 --post-hook "/root/.acme.sh/acme.sh --domain xxxx --to-pkcs12 --password changeit"

[Mo 22. Apr 08:37:49 CEST 2024] Run post hook:'/root/.acme.sh/acme.sh --domain xxxxx --to-pkcs12 --password changeit'
Error opening private key /root/.acme.sh/xxxxx/xxxxx.key
139733299238816:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/root/.acme.sh/xxxxx/xxxx.key','r')
139733299238816:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load private key

[avollmaier]

This works for me:

_createcsr() {
....
if [ -f "$csrconf" ]; then
${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -config "$csrconf" -out "$csr"
return
fi
...