Comment 1 for bug 2058012

The label is using the certificate.csr itself in its composition. Now, x509 may have chars that can be considered special (\n, /, +, etc). I guess you fail whenever the CSR contains a char that the label itself cannot have.

Now, I cannot find where the label is passed through a regex. I see two regexes across the `secret-add` path:
1. https://github.com/juju/juju/blob/3.6/core/secrets/createsecret.go#L19
2. Within the agent's uniter, for the URI: https://github.com/juju/juju/blob/3.6/core/secrets/secret.go#L47-L53

Still, I cannot find where the label is checked against a regex. So, this is just a hypothesis rn.

@yazansalti can you point us to the charm that is using the CSR as a label?

In any case, would be easier to hash the CSR and use the hash as a label instead.