I am working on a Let's Encrypt client that needs to create a new CSR,
signed with a new key, every time that it renews a certificate. AFAICT,
there really isn't any sort of "CSR template" format that I could put in
a configuration file, so my preferred approach would be to simply use an
existing
This is the (as you noted, unofficial) escape hatch we added for alternate
ASN.1 types that aren't UTF8String. We may revisit this once the ASN.1 DER
work (https://github.com/pyca/cryptography/issues/12283) lands because then
we'll have a public API for generating arbitrary ASN.1 structures, which
