
SSL Domains Letsencrypt Let's Encrypt: Added Internationalized Domain Name (IDN) support!

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pamamolf, Oct 22, 2016.

  1. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    2:36 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    Introducing Internationalized Domain Name (IDN) Support


    Let’s Encrypt is pleased to introduce support for issuing certificates that contain Internationalized Domain Names (IDNs). This means that our users around the world can now get free Let’s Encrypt certificates for domains containing characters outside of the ASCII set, which is built primarily for the English language.

    We’re excited about this feature because our goal is to serve the entire Web, including those who want to use domains with language-specific characters. This feature was also commonly requested by our community.

    Introducing Internationalized Domain Name (IDN) Support - Let's Encrypt - Free SSL/TLS Certificates
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,801
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    9:36 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Nice.. but to be honest not sure how IDN domains would do on centmin mod's nginx vhost generator ? Never tried heh
     
  3. pamamolf

    I am sure that you will figure out a way for it and i think many people will like this :)
     
  4. eva2000

    hard to do if i don't have any IDN domains heh. End user will need to provide feedback and testing :)
     
  5. VovaZ

    VovaZ New Member

    27
    1
    3
    Jun 6, 2019
    Russia
    Ratings:
    +3
    Local Time:
    2:36 PM
    1.17.x
    MariaDB 10.4.x
    Hey. I use IDN domains. Upon receipt of the certificate:
    Code (Text):
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for артудар.рф
    -----------------------------------------------------------
    testcert value = lived
    /root/.acme.sh/acme.sh --issue -d артудар.рф -d www.артудар.рф --days 60 -w /home/nginx/domains/артудар.рф/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-060619-060548.log --log-level 2
    [Thu Jun  6 06:06:25 UTC 2019] Creating domain key
    [Thu Jun  6 06:06:26 UTC 2019] The domain key is here: /root/.acme.sh/артудар.рф/артудар.рф.key
    [Thu Jun  6 06:06:26 UTC 2019] Multi domain='DNS:xn--80aal1ccjh.xn--p1ai,DNS:www.xn--80aal1ccjh.xn--p1ai'
    [Thu Jun  6 06:06:26 UTC 2019] Getting domain auth token for each domain
    [Thu Jun  6 06:06:28 UTC 2019] Getting webroot for domain='артудар.рф'
    [Thu Jun  6 06:06:28 UTC 2019] Getting webroot for domain='www.артудар.рф'
    [Thu Jun  6 06:06:29 UTC 2019] Verifying: артудар.рф
    [Thu Jun  6 06:06:32 UTC 2019] артудар.рф:Verify error:Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/7gafjSQUoe0z40AizmtcFEpdi8pqwtNPmJXzQUH01i4 [m.y.I.P]:
    [Thu Jun  6 06:06:32 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-060619-060548.log
    LECHECK = 1
    
    

    I am ready to participate in the implementation of this option, which is very necessary for me.
    I can give IDN domain for tests.

    PS. vestacp is able to do it).
     
    Last edited: Jun 7, 2019
  6. eva2000

    unfortunately hadn't looked at IDN support yet but are the 2 domains listed in output below valid ?
    Code (Text):
    Multi domain='DNS:xn--80aal1ccjh.xn--p1ai,DNS:www.xn--80aal1ccjh.xn--p1ai'
    

    and have corresponding DNS A records pointing to centmin mod server ?
     
  7. VovaZ

    oops. Added the www a record)).
    let me check.

    No((
    Code (Text):
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for артудар.рф
    -----------------------------------------------------------
    testcert value = lived
    /root/.acme.sh/acme.sh --issue -d артудар.рф -d www.артудар.рф --days 60 -w /home/nginx/domains/артудар.рф/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-070619-092223.log --log-level 2
    [Fri Jun  7 09:22:35 UTC 2019] Creating domain key
    [Fri Jun  7 09:22:35 UTC 2019] The domain key is here: /root/.acme.sh/артудар.рф/артудар.рф.key
    [Fri Jun  7 09:22:35 UTC 2019] Multi domain='DNS:xn--80aal1ccjh.xn--p1ai,DNS:www.xn--80aal1ccjh.xn--p1ai'
    [Fri Jun  7 09:22:35 UTC 2019] Getting domain auth token for each domain
    [Fri Jun  7 09:22:38 UTC 2019] Getting webroot for domain='артудар.рф'
    [Fri Jun  7 09:22:38 UTC 2019] Getting webroot for domain='www.артудар.рф'
    [Fri Jun  7 09:22:38 UTC 2019] Verifying: артудар.рф
    [Fri Jun  7 09:22:41 UTC 2019] артудар.рф:Verify error:Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/__ppdUtWDSBExr4G6kEOF64LkjUY1HDG611bzWAtW4k [109.234.35.94]:
    
    
     
    Last edited: Jun 7, 2019
  8. eva2000

    if that doesn't work, try patching your centminmod 123.09beta01 code with patch i just made with IDN domain additional fixes/changes at centminmod 123.09beta01 june 7, 2019 patch for letsencrypt IDN. Instructions for SSH commands to patch your code are in link, and then just run centmin.sh after patching to see if it works
     
  9. VovaZ

    Oh... no((.
    Code (Text):
    [Fri Jun  7 09:38:25 UTC 2019] Creating domain key
    [Fri Jun  7 09:38:26 UTC 2019] The domain key is here: /root/.acme.sh/артудар.рф/артудар.рф.key
    [Fri Jun  7 09:38:26 UTC 2019] Single domain='артудар.рф'
    [Fri Jun  7 09:38:26 UTC 2019] Getting domain auth token for each domain
    [Fri Jun  7 09:38:28 UTC 2019] Getting webroot for domain='артудар.рф'
    [Fri Jun  7 09:38:28 UTC 2019] Verifying: артудар.рф
    [Fri Jun  7 09:38:32 UTC 2019] артудар.рф:Verify error:Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/45sAIx-JGz6vc2GIWz6q0iL0e9OtTbzMd2ZwyzWyHGA [109.234.35.94]:
    [Fri Jun  7 09:38:32 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-070619-093251.log
    LECHECK = 1
    
    


    PS. maybe you have any logs to show?
     
  10. eva2000

    is that with patched version or just adding www DNS A record ?
     
  11. VovaZ

    Yes
    Code (Text):
    [09:26][root@host.zyblev.ru ~]# cmupdate
    No local changes to save
    Already up-to-date.
    [09:28][root@host.zyblev.ru ~]# cd /usr/local/src/centminmod
    [09:28][root@host.zyblev.ru centminmod]# wget -4 -O ssl-idn.patch https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
    --2019-06-07 09:28:39--  https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
    Resolving gist.githubusercontent.com... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
    Connecting to gist.githubusercontent.com|151.101.0.133|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 3850 (3.8K) [text/plain]
    Saving to: ‘ssl-idn.patch’
    
    ssl-idn.patch                            100%[=================================================================================>]   3.76K  --.-KB/s    in 0s
    
    2019-06-07 09:28:39 (24.9 MB/s) - ‘ssl-idn.patch’ saved [3850/3850]
    
    [09:28][root@host.zyblev.ru centminmod]# patch -p1 < ssl-idn.patch
    patching file addons/acmetool.sh
    patching file centmin.sh
    patching file inc/nginx_addvhost.inc
    patching file inc/wpsetup-fastcgi-cache.inc
    patching file inc/wpsetup.inc
    patching file tools/nv.sh
    [09:28][root@host.zyblev.ru centminmod]# 
    


     
    Last edited: Jun 7, 2019
  12. eva2000

    can you share the full contents of log at /root/centminlogs/acmetool.sh-debug-log-070619-093251.log via gist.github.com or pastebin.com masking any sensitive info you don't want shown publicly
    Code (Text):
    Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-070619-093251.log
     
  13. eva2000

    also does the domain actually work itself

    post output for these commands
    Code (Text):
    curl -I http://xn--80aal1ccjh.xn--p1ai
    

    Code (Text):
    curl -Iv http://xn--80aal1ccjh.xn--p1ai
    

    Code (Text):
    curl -4Iv http://xn--80aal1ccjh.xn--p1ai
    

    for posting code or output from commands to keep the formatting, you might want to use CODE tags for code: How to use forum BBCODE code tags :)
     
  14. eva2000

    @VovaZ made an updated patch with a few more changes in addon/acmetools.sh. Follow same instructions at centminmod 123.09beta01 june 7, 2019 patch for letsencrypt IDN domain support - cmupdate will reset your local centmin mod code before re-patching again
    Code (Text):
    cmupdate
    cd /usr/local/src/centminmod
    wget -4 -O ssl-idn.patch https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
    patch -p1 < ssl-idn.patch
    
     
  15. VovaZ

  16. eva2000

    i see what's happening: my code to tag www. in front of inputted domain name is tripping up letsencrypt domain validation for your IDN domain
    Code (Text):
      "identifiers": [
       {
         "type": "dns",
         "value": "www.xn--80aal1ccjh.xn--p1ai"
       },
       {
         "type": "dns",
         "value": "xn--80aal1ccjh.xn--p1ai"
       }
      ],
    

    I need to stop appending www. for IDN domains or is www. valid for IDN domains ?
     
  17. eva2000

    looks like permission denied 403 when trying to validate, seems to hit 404 not found nginx page
    Code (Text):
      "type": "http-01",
      "status": "invalid",
      "error": {
       "type": "urn:ietf:params:acme:error:unauthorized",
       "detail": "Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/cq698RIrsDM8q_QcrX6WQql-aFex56KAtS7BYbR63KA [109.234.35.94]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\"",
       "status": 403
      },
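
Added example (not part of the post above and not Centmin Mod or acme.sh code): in an ACME challenge error, "status" is the code the CA attaches to its own unauthorized error, while the body quoted inside "detail" is what the validation request actually received from the web server. The sketch below separates the two for the fragment above; the sample is that fragment wrapped in braces with the body excerpt shortened, and the function name is hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

# Challenge fragment from the thread, wrapped in braces so it parses.
# The HTML body excerpt is shortened; everything else is as posted.
SAMPLE = r'''{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from http://xn--80aal1ccjh.xn--p1ai/.well-known/acme-challenge/cq698RIrsDM8q_QcrX6WQql-aFex56KAtS7BYbR63KA [109.234.35.94]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\"",
    "status": 403
  }
}'''

# "Invalid response from <url> [<ip>]: <quoted body excerpt>"
DETAIL_RE = re.compile(r'Invalid response from (\S+) \[([^\]]+)\]: "?(.*)', re.S)


def summarize_challenge(raw: str) -> dict:
    """Split an ACME challenge error into the CA's verdict and the origin's answer."""
    chal = json.loads(raw)  # also decodes the \u003c style escapes
    err = chal.get("error") or {}
    out = {
        "challenge": chal.get("type"),
        "acme_error": err.get("type", "").rsplit(":", 1)[-1],
        "acme_status": err.get("status"),  # status of the CA's problem document
        "url": None, "host": None, "token": None, "ip": None,
        "origin_title": None,  # what the web server returned to the CA
    }
    m = DETAIL_RE.match(err.get("detail", ""))
    if m:
        url, ip, body = m.groups()
        parts = urlsplit(url)
        out.update(url=url, host=parts.hostname, ip=ip,
                   token=parts.path.rsplit("/", 1)[-1])
        title = re.search(r"<title>(.*?)</title>", body, re.I | re.S)
        if title:
            out["origin_title"] = title.group(1).strip()
    return out


if __name__ == "__main__":
    for key, value in summarize_challenge(SAMPLE).items():
        print(f"{key:13} {value}")
```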
    
     
  18. eva2000

    might need the nginx vhost creation log too

    When you created nginx vhost via centmin.sh menu option 2, 22 or nv command or acmetool.sh, you would have automatically created a nginx_addvhost and nginx_addvhost-remove-cmds logs in /root/centminlogs. You can find those logs via ls command listing in reverse ascending time the logs and filtered by nginx_addvhost filename using command below
    Code (Text):
    ls -lahrt /root/centminlogs/ | grep addvhost
    

    example
    Code (Text):
    ls -lahrt /root/centminlogs/ | grep addvhost
    -rw-r--r--.  1 root root 1.1K May 18 14:09 centminmod_1.2.3-eva2000.09.005_180517-140925_nginx_addvhost-remove-cmds-domain.com.log
    -rw-r--r--.  1 root root 4.4K May 18 14:09 centminmod_1.2.3-eva2000.09.005_180517-140925_nginx_addvhost.log
    

    post to pastebin.com or gist.github.com, the contents of the relevant domain.com name logs for nginx_addvhost and nginx_addvhost-remove-cmds log files

    For example, in SSH use cat to output contents of /root/centminlogs/centminmod_1.2.3-eva2000.09.005_180517-140925_nginx_addvhost.log. Clear your SSH client window/buffer so only output is the contents of the file
    Code (Text):
    cat /root/centminlogs/centminmod_1.2.3-eva2000.09.005_180517-140925_nginx_addvhost.log
    

    Then copy and paste into Pastebin.com or Gists entry. If your SSH window scroll buffer isn't that large to get the whole contents of the install log, you can download file manually and copy and paste contents.
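
Added example (not part of the post above and not Centmin Mod or acme.sh code): the logs in this thread show acme.sh using the Unicode name for the webroot path while Let's Encrypt requests the challenge from the xn-- host, and nginx's documentation asks for internationalized names to be written in Punycode in server_name. The check below compares a vhost's server_name entries with the two ACME identifiers. The vhost text is constructed, since the thread never shows the generated vhost, and the function names are hypothetical.

```python
import re


def to_alabel(name: str) -> str:
    """ASCII (Punycode) form of a hostname, as it appears in the Host header."""
    return name.encode("idna").decode("ascii").lower()


def server_names(conf: str) -> list:
    """Every name listed in server_name directives, exactly as written."""
    names = []
    for m in re.finditer(r"^\s*server_name\s+([^;]+);", conf, re.M):
        names.extend(m.group(1).split())
    return names


def audit_vhost(domain: str, conf: str) -> dict:
    """Compare the ACME identifiers for `domain` with the vhost's server_name list.

    Only exact names are compared; wildcard and regex names are not evaluated.
    """
    wanted = [to_alabel(domain), to_alabel("www." + domain)]
    listed = server_names(conf)
    lowered = {n.lower() for n in listed}
    return {
        # identifiers the CA will request that no server_name lists literally
        "unmatched": [w for w in wanted if w not in lowered],
        # names written in Unicode, with the A-label to use instead
        "rewrite": {n: to_alabel(n) for n in listed if not n.isascii()},
    }


# Constructed vhost fragments: one with Unicode names, one with A-labels.
VHOST_UNICODE = """
server {
  listen 80;
  server_name артудар.рф www.артудар.рф;
  root /home/nginx/domains/артудар.рф/public;
}
"""
VHOST_ALABEL = VHOST_UNICODE.replace(
    "server_name артудар.рф www.артудар.рф;",
    "server_name xn--80aal1ccjh.xn--p1ai www.xn--80aal1ccjh.xn--p1ai;",
)

if __name__ == "__main__":
    print(audit_vhost("артудар.рф", VHOST_UNICODE))
    print(audit_vhost("артудар.рф", VHOST_ALABEL))
```

A name reported under "unmatched" is served by whichever server block nginx falls back to, so the challenge file in this domain's webroot is never reached.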
     
  19. VovaZ

    www. valid for IDN domains
     
    Last edited: Jun 7, 2019
  20. VovaZ
