SSL Domains Letsencrypt Let's Encrypt: Added Internationalized Domain Name (IDN) support!

pamamolf · Oct 22, 2016

Introducing Internationalized Domain Name (IDN) Support

Let’s Encrypt is pleased to introduce support for issuing certificates that contain Internationalized Domain Names (IDNs). This means that our users around the world can now get free Let’s Encrypt certificates for domains containing characters outside of the ASCII set, which is built primarily for the English language.

We’re excited about this feature because our goal is to serve the entire Web, including those who want to use domains with language-specific characters. This feature was also commonly requested by our community.

Introducing Internationalized Domain Name (IDN) Support - Let's Encrypt - Free SSL/TLS Certificates

eva2000 · Oct 22, 2016

Nice.. but to be honest not sure how IDN domains would do on centmin mod's nginx vhost generator ? Never tried heh

pamamolf · Oct 22, 2016

I am sure that you will figure out a way for it and i think many people will like this

eva2000 · Oct 22, 2016

pamamolf said: ↑

I am sure that you will figure out a way for it and i think many people will like this
Click to expand...

hard to do if i don't have any IDN domains heh. End user will need to provide feedback and testing

VovaZ · Jun 7, 2019

Hey. I use IDN domains. Upon receipt of the certificate:

Code (Text):

-----------------------------------------------------------
issue & install letsencrypt ssl certificate for артудар.рф
-----------------------------------------------------------
testcert value = lived
/root/.acme.sh/acme.sh --issue -d артудар.рф -d www.артудар.рф --days 60 -w /home/nginx/domains/артудар.рф/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-060619-060548.log --log-level 2
[Thu Jun  6 06:06:25 UTC 2019] Creating domain key
[Thu Jun  6 06:06:26 UTC 2019] The domain key is here: /root/.acme.sh/артудар.рф/артудар.рф.key
[Thu Jun  6 06:06:26 UTC 2019] Multi domain='DNS:xn--80aal1ccjh.xn--p1ai,DNS:www.xn--80aal1ccjh.xn--p1ai'
[Thu Jun  6 06:06:26 UTC 2019] Getting domain auth token for each domain
[Thu Jun  6 06:06:28 UTC 2019] Getting webroot for domain='артудар.рф'
[Thu Jun  6 06:06:28 UTC 2019] Getting webroot for domain='www.артудар.рф'
[Thu Jun  6 06:06:29 UTC 2019] Verifying: артудар.рф
[Thu Jun  6 06:06:32 UTC 2019] артудар.рф:Verify error:Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/7gafjSQUoe0z40AizmtcFEpdi8pqwtNPmJXzQUH01i4 [m.y.I.P]:
[Thu Jun  6 06:06:32 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-060619-060548.log
LECHECK = 1

I am ready to participate in the implementation of this option, which is very necessary for me.
I can give IDN domain for tests.

PS. vestacp это умеет делать).
vestacp is able to do it).

eva2000 · Jun 7, 2019

unfortunately hadn't looked at IDN support yet but are the 2 domains listed in output below valid ?
Code (Text):
Multi domain='DNS:xn--80aal1ccjh.xn--p1ai,DNS:www.xn--80aal1ccjh.xn--p1ai'
and have corresponding DNS A records pointing to centmin mod server ?

VovaZ · Jun 7, 2019

oops. Added the www a record)).
let me check.

No((

Code (Text):

-----------------------------------------------------------
issue & install letsencrypt ssl certificate for артудар.рф
-----------------------------------------------------------
testcert value = lived
/root/.acme.sh/acme.sh --issue -d артудар.рф -d www.артудар.рф --days 60 -w /home/nginx/domains/артудар.рф/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-070619-092223.log --log-level 2
[Fri Jun  7 09:22:35 UTC 2019] Creating domain key
[Fri Jun  7 09:22:35 UTC 2019] The domain key is here: /root/.acme.sh/артудар.рф/артудар.рф.key
[Fri Jun  7 09:22:35 UTC 2019] Multi domain='DNS:xn--80aal1ccjh.xn--p1ai,DNS:www.xn--80aal1ccjh.xn--p1ai'
[Fri Jun  7 09:22:35 UTC 2019] Getting domain auth token for each domain
[Fri Jun  7 09:22:38 UTC 2019] Getting webroot for domain='артудар.рф'
[Fri Jun  7 09:22:38 UTC 2019] Getting webroot for domain='www.артудар.рф'
[Fri Jun  7 09:22:38 UTC 2019] Verifying: артудар.рф
[Fri Jun  7 09:22:41 UTC 2019] артудар.рф:Verify error:Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/__ppdUtWDSBExr4G6kEOF64LkjUY1HDG611bzWAtW4k [109.234.35.94]:

eva2000 · Jun 7, 2019

VovaZ said: ↑

oops. Added the www a record)).
let me check.
Click to expand...

if that doesn't work try patching your centminmod 123.09beta01 code with patch i just made with IDN domain additional fixes/changes at centminmod 123.09beta01 june 7, 2019 patch for letsencrypt IDN instructions for SSH commands to patch your code are in link and then just run centmin.sh after patching to see if it works

VovaZ · Jun 7, 2019

Oh... no((.

Code (Text):

[Fri Jun  7 09:38:25 UTC 2019] Creating domain key
[Fri Jun  7 09:38:26 UTC 2019] The domain key is here: /root/.acme.sh/артудар.рф/артудар.рф.key
[Fri Jun  7 09:38:26 UTC 2019] Single domain='артудар.рф'
[Fri Jun  7 09:38:26 UTC 2019] Getting domain auth token for each domain
[Fri Jun  7 09:38:28 UTC 2019] Getting webroot for domain='артудар.рф'
[Fri Jun  7 09:38:28 UTC 2019] Verifying: артудар.рф
[Fri Jun  7 09:38:32 UTC 2019] артудар.рф:Verify error:Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/45sAIx-JGz6vc2GIWz6q0iL0e9OtTbzMd2ZwyzWyHGA [109.234.35.94]:
[Fri Jun  7 09:38:32 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-070619-093251.log
LECHECK = 1

PS. maybe you have any logs to show?

eva2000 · Jun 7, 2019

VovaZ said: ↑

Oh... no((.

Code (Text):

[Fri Jun  7 09:38:25 UTC 2019] Creating domain key
[Fri Jun  7 09:38:26 UTC 2019] The domain key is here: /root/.acme.sh/артудар.рф/артудар.рф.key
[Fri Jun  7 09:38:26 UTC 2019] Single domain='артудар.рф'
[Fri Jun  7 09:38:26 UTC 2019] Getting domain auth token for each domain
[Fri Jun  7 09:38:28 UTC 2019] Getting webroot for domain='артудар.рф'
[Fri Jun  7 09:38:28 UTC 2019] Verifying: артудар.рф
[Fri Jun  7 09:38:32 UTC 2019] артудар.рф:Verify error:Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/45sAIx-JGz6vc2GIWz6q0iL0e9OtTbzMd2ZwyzWyHGA [109.234.35.94]:
[Fri Jun  7 09:38:32 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-070619-093251.log
LECHECK = 1

PS. maybe you have any logs to show?

Click to expand...

is that with patched version or just adding www DNS A record ?

VovaZ · Jun 7, 2019

Yes

Code (Text):

[09:26][[email protected] ~]# cmupdate
No local changes to save
Already up-to-date.
[09:28][[email protected] ~]# cd /usr/local/src/centminmod
[09:28][[email protected] centminmod]# wget -4 -O ssl-idn.patch https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
--2019-06-07 09:28:39--  https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
Resolving gist.githubusercontent.com... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to gist.githubusercontent.com|151.101.0.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3850 (3.8K) [text/plain]
Saving to: ‘ssl-idn.patch’

ssl-idn.patch                            100%[=================================================================================>]   3.76K  --.-KB/s    in 0s

2019-06-07 09:28:39 (24.9 MB/s) - ‘ssl-idn.patch’ saved [3850/3850]

[09:28][[email protected] centminmod]# patch -p1 < ssl-idn.patch
patching file addons/acmetool.sh
patching file centmin.sh
patching file inc/nginx_addvhost.inc
patching file inc/wpsetup-fastcgi-cache.inc
patching file inc/wpsetup.inc
patching file tools/nv.sh
[09:28][[email protected] centminmod]#

eva2000 · Jun 7, 2019

can you share the full contents of log at /root/centminlogs/acmetool.sh-debug-log-070619-093251.log via gist.github.com or pastebin.com masking any sensitive info you don't want shown publicly
Code (Text):
Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-070619-093251.log

eva2000 · Jun 7, 2019

also does the domain actually work itself

post output for these commands
Code (Text):
curl -I http://xn--80aal1ccjh.xn--p1ai
Code (Text):
curl -Iv http://xn--80aal1ccjh.xn--p1ai
Code (Text):
curl -4Iv http://xn--80aal1ccjh.xn--p1ai
for posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags

eva2000 · Jun 7, 2019

@VovaZ made an updated patch with a few more changes in addon/acmetools.sh follow same instructions at centminmod 123.09beta01 june 7, 2019 patch for letsencrypt IDN domain support - cmupdate will reset your local centmin mod code before re-patching again
Code (Text):
cmupdate
cd /usr/local/src/centminmod
wget -4 -O ssl-idn.patch https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
patch -p1 < ssl-idn.patch

VovaZ · Jun 7, 2019

eva2000 said: ↑

@VovaZ made an updated patch with a few more changes in addon/acmetools.sh follow same instructions at centminmod 123.09beta01 june 7, 2019 patch for letsencrypt IDN domain support - cmupdate will reset your local centmin mod code before re-patching again
Click to expand...

With the latest patch not helped.. Here is the latest log.
Log

eva2000 · Jun 7, 2019

i see what's happening my code to tag www. in front of inputed domain name is tripping up letsencrypt domain validation for your IDN domain
Code (Text):
  "identifiers": [
   {
     "type": "dns",
     "value": "www.xn--80aal1ccjh.xn--p1ai"
   },
   {
     "type": "dns",
     "value": "xn--80aal1ccjh.xn--p1ai"
   }
  ],
I need to stop appending www. for IDN domains or is www. valid for IDN domains ?

eva2000 · Jun 7, 2019

looks like permission denied 403 when trying to validate seems to hit 404 not found nginx page

Code (Text):

  "type": "http-01",
  "status": "invalid",
  "error": {
   "type": "urn:ietf:params:acme:error:unauthorized",
   "detail": "Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/cq698RIrsDM8q_QcrX6WQql-aFex56KAtS7BYbR63KA [109.234.35.94]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\"",
   "status": 403
  },

eva2000 · Jun 7, 2019

might need the nginx vhost creation log too

When you created nginx vhost via centmin.sh menu option 2, 22 or nv command or acmetool.sh, you would of automatically created a nginx_addvhost and nginx_addvhost-remove-cmds logs in /root/centminlogs. You can find those logs via ls command listing in reverse ascending time the logs and filtered by nginx_addvhost filename using command below
Code (Text):
ls -lahrt /root/centminlogs/ | grep addvhost
example
Code (Text):
ls -lahrt /root/centminlogs/ | grep addvhost
-rw-r--r--.  1 root root 1.1K May 18 14:09 centminmod_1.2.3-eva2000.09.005_180517-140925_nginx_addvhost-remove-cmds-domain.com.log
-rw-r--r--.  1 root root 4.4K May 18 14:09 centminmod_1.2.3-eva2000.09.005_180517-140925_nginx_addvhost.log
post to pastebin.com or gist.github.com, the contents of the relevant domain.com name logs for nginx_addvhost and nginx_addvhost-remove-cmds log files

For example, in SSH use cat to ouput contents of /root/centminlogs/centminmod_1.2.3-eva2000.09.005_180517-140925_nginx_addvhost.log. Clear your SSH client window/buffer so only output is the contents of the file
Code (Text):
cat /root/centminlogs/centminmod_1.2.3-eva2000.09.005_180517-140925_nginx_addvhost.log
Then copy and paste into Pastebin.com or Gists entry. If your SSH window scroll buffer isn't that large to get the whole contents of the install log, you can download file manually and copy and paste contents.

VovaZ · Jun 7, 2019

eva2000 said: ↑
i see what's happening my code to tag www. in front of inputed domain name is tripping up letsencrypt domain validation for your IDN domain
Code (Text):
  "identifiers": [
   {
     "type": "dns",
     "value": "www.xn--80aal1ccjh.xn--p1ai"
   },
   {
     "type": "dns",
     "value": "xn--80aal1ccjh.xn--p1ai"
   }
  ],
I need to stop appending www. for IDN domains or is www. valid for IDN domains ?
Click to expand...
www. valid for IDN domains

VovaZ · Jun 7, 2019

addvhost-remove
nginx_addvhost

Log in / Register

Forums

Want to subscribe to topics you're interested in?

SSL Domains Letsencrypt Let's Encrypt: Added Internationalized Domain Name (IDN) support!

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

VovaZ New Member

VovaZ New Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

SSL Domains Letsencrypt Let's Encrypt: Added Internationalized Domain Name (IDN) support!

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

VovaZ New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

VovaZ New Member

VovaZ New Member

.