Let's Encrypt Certificate Country Code, State, City, Organization, etc.,

[OPNDeciso]

Does it make any difference if the cert says Netherlands instead of the US (where I'm located)? When I try to change the Country Code or enter other fields, I get Certificate Error missing CA key.

[meyergru]

Well that would be quite a function if you could edit the content of LetsEncrypt certificates on your own... ;-)

That function can only work if you have set up your own CA and (re)issue a certficate issued by that. Certificates issued by other CAs via ACME can obviously be edited, but upon re-signing them, you lack the CA key, which is just what the error message says.

[keeka]

It would make it clearer for users if that certificate form's fields are only enabled when the CA key is present.
Also, could the additonal fields, such as country and org be made user editable in the acme plugin certificate request?

[meyergru]

To the best of my knowledge, LetsEncrypt does not allow for anything else than the CN and alias names in their requests, because there is no certification of anything beyond that, including the country. So, even if you provided such info in the ceritificate signing request, it would either be stripped or rejected.

For the other option, you can raise a feature request on github.

[keeka]

Thanks.
Alternatively, in the list of CAs, some visual cue to indicate whether the key is present or not. But I guess it comes down to how many CAs/certificates you're managing in opnsense.