Symptoms
When using AutoSSL with Let's Encrypt, your domain fails to be issued a certificate due to an error similar to the following error:
2:31:11 PM WARN Cpanel::Exception/(XID axwj5p) “https://acme-v02.api.letsencrypt.org/acme/new-order” indicated an ACME error: 400 Bad Request (400 urn:ietf:params:acme:error:rejectedIdentifier (The server will not issue for the identifier) (NewOrder request did not include a SAN short enough to fit in CN)).
Description
This error occurs when attempting to request an SSL certificate from Let's Encrypt for a domain name longer than 64 characters. When this domain name is used as the Common Name (CN) for the SSL certificate, the request fails.
Workaround
Use a shorter domain name as the CN and have the longer domain names be treated as Subject Alternative Names (SANs) on the certificate. As SANs have a larger character limit than CNs, the issue should be avoided by only having long domain names as SANs on Let's Encrypt SSL certificates.