Generate PFX when using CSR

[jimbju]

Hi,

Is it possible to make lego generate a PFX when requesting a certificate based on a CSR?
I'm saving the CSR and private key:
.lego/certificates/<domain_name>.csr
.lego/certificates/<domain_name>.key

Executing lego:

 /lego/lego --server https://<acme_ca>/acme/acme/directory --email [email protected] --accept-tos --path .lego --http --http.port :8080 --http.delay 3s --csr .lego/certificates/<domain_name>.csr --pfx --pfx.pass **** run

Result:

2025/02/09 14:35:10 [INFO] [<domain_name>] acme: Obtaining bundled SAN certificate given a CSR
2025/02/09 14:35:11 [INFO] [<domain_name>] AuthURL: https://<acme_ca>/acme/acme/authz/16ad1361-6b69-40f0-a073-4e53343a402a
2025/02/09 14:35:11 [INFO] [<domain_name>] acme: Could not find solver for: tls-alpn-01
2025/02/09 14:35:11 [INFO] [<domain_name>] acme: use http-01 solver
2025/02/09 14:35:11 [INFO] [<domain_name>] acme: Trying to solve HTTP-01
2025/02/09 14:35:14 [INFO] [<domain_name>] Served key authentication
2025/02/09 14:35:14 [INFO] [<domain_name>] The server validated our request
2025/02/09 14:35:14 [INFO] [<domain_name>] acme: Validations succeeded; requesting certificates
2025/02/09 14:35:14 [INFO] [<domain_name>] Server responded with a certificate.
2025/02/09 14:35:14 Unable to save PEM or PFX without private key for domain <domain_name>. Are you using a CSR?

Maybe it's not supported to generate PFX when providing CSR?
Thanks! 🙏

[ldez]

Maybe it's not supported to generate PFX when providing CSR?

yes, it's not possible with CSR because lego needs the private key.

[jimbju]

Reason I'm asking is I have a use case where I need subject DN in the cert. I can't find any option for setting that in the CLI tool. Any plans on adding support for DN? Or is there a reason why it was left out?

[ldez]

I'm working on a flag to add the private key.

[ldez]

#2431