
SSL Domains Letsencrypt Let's Encrypt: Added Internationalized Domain Name (IDN) support!

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pamamolf, Oct 22, 2016.

  1. VovaZ

    VovaZ New Member

    27
    1
    3
    Jun 6, 2019
    Russia
    Ratings:
    +3
    Local Time:
    7:16 AM
    1.17.x
    MariaDB 10.4.x
    Code:
    [11:21][root@host.zyblev.ru centminmod]# curl -I http://xn--80aal1ccjh.xn--p1ai
    HTTP/1.1 200 OK
    Date: Fri, 07 Jun 2019 11:40:42 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4515
    Last-Modified: Wed, 05 Jun 2019 23:11:51 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5cf84c37-11a3"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    
    [11:40][root@host.zyblev.ru centminmod]# curl -Iv http://xn--80aal1ccjh.xn--p1ai
    * About to connect() to xn--80aal1ccjh.xn--p1ai port 80 (#0)
    *   Trying 109.234.35.94...
    * Connected to xn--80aal1ccjh.xn--p1ai (109.234.35.94) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: xn--80aal1ccjh.xn--p1ai
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Fri, 07 Jun 2019 11:41:01 GMT
    Date: Fri, 07 Jun 2019 11:41:01 GMT
    < Content-Type: text/html; charset=utf-8
    Content-Type: text/html; charset=utf-8
    < Content-Length: 4515
    Content-Length: 4515
    < Last-Modified: Wed, 05 Jun 2019 23:11:51 GMT
    Last-Modified: Wed, 05 Jun 2019 23:11:51 GMT
    < Connection: keep-alive
    Connection: keep-alive
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < ETag: "5cf84c37-11a3"
    ETag: "5cf84c37-11a3"
    < Server: nginx centminmod
    Server: nginx centminmod
    < X-Powered-By: centminmod
    X-Powered-By: centminmod
    < Accept-Ranges: bytes
    Accept-Ranges: bytes
    
    <
    * Connection #0 to host xn--80aal1ccjh.xn--p1ai left intact
    [11:41][root@host.zyblev.ru centminmod]# curl -4Iv http://xn--80aal1ccjh.xn--p1ai
    * About to connect() to xn--80aal1ccjh.xn--p1ai port 80 (#0)
    *   Trying 109.234.35.94...
    * Connected to xn--80aal1ccjh.xn--p1ai (109.234.35.94) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: xn--80aal1ccjh.xn--p1ai
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Fri, 07 Jun 2019 11:41:21 GMT
    Date: Fri, 07 Jun 2019 11:41:21 GMT
    < Content-Type: text/html; charset=utf-8
    Content-Type: text/html; charset=utf-8
    < Content-Length: 4515
    Content-Length: 4515
    < Last-Modified: Wed, 05 Jun 2019 23:11:51 GMT
    Last-Modified: Wed, 05 Jun 2019 23:11:51 GMT
    < Connection: keep-alive
    Connection: keep-alive
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < ETag: "5cf84c37-11a3"
    ETag: "5cf84c37-11a3"
    < Server: nginx centminmod
    Server: nginx centminmod
    < X-Powered-By: centminmod
    X-Powered-By: centminmod
    < Accept-Ranges: bytes
    Accept-Ranges: bytes
    
    <
    * Connection #0 to host xn--80aal1ccjh.xn--p1ai left intact
    


     
  2. eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:16 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Believe I found the problem, just need to figure out where to fix it, which may take some time

    from the nginx addvhost log the non-idn converted format of your domain seems to still be passed to acmetool.sh from centmin.sh menu option 2
    Code (Text):
    ok: /usr/local/src/centminmod/addons/acmetool.sh
    /usr/local/src/centminmod/addons/acmetool.sh issue артудар.рф lived
    
    ------------------------------------------------------------------------------
    Version Check:
    ------------------------------------------------------------------------------
    

    and that seems to be confirmed at letsencrypt validation failure part of acme log where non-www version of domain for -d 1st value is your non-idn converted version, while www version was converted to idn format from my patched changes. So need to figure out where the problem is
    Code (Text):
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for xn--80aal1ccjh.xn--p1ai
    -----------------------------------------------------------
    testcert value = lived
    /root/.acme.sh/acme.sh --issue -d артудар.рф -d www.xn--80aal1ccjh.xn--p1ai --days 60 -w /home/nginx/domains/xn--80aal1ccjh.xn--p1ai/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-070619-105025.log --log-level 2
    
     
  3. eva2000

    Did another updated patch with a few more changes so follow same instructions at centminmod 123.09beta01 june 7, 2019 patch for letsencrypt IDN domain support - cmupdate will reset your local centmin mod code before re-patching again
    Code (Text):
    cmupdate
    cd /usr/local/src/centminmod
    wget -4 -O ssl-idn.patch https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
    patch -p1 < ssl-idn.patch
    
     
  4. VovaZ

    Code:
    [12:13][root@host.zyblev.ru ~]# cmupdate
    Saved working directory and index state WIP on 123.09beta01: 50f521b update drop.conf defaults in 123.09beta01
    HEAD is now at 50f521b update drop.conf defaults in 123.09beta01
    Already up-to-date.
    [12:14][root@host.zyblev.ru ~]# cd /usr/local/src/centminmod
    [12:14][root@host.zyblev.ru centminmod]# wget -4 -O ssl-idn.patch https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
    --2019-06-07 12:14:33--  https://gist.githubusercontent.com/centminmod/a212e339daedfb14fd40fafaab1a6550/raw/ssl-idn.patch
    Resolving gist.githubusercontent.com... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
    Connecting to gist.githubusercontent.com|151.101.0.133|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 5377 (5.3K) [text/plain]
    Saving to: ‘ssl-idn.patch’
    
    ssl-idn.patch                            100%[=================================================================================>]   5.25K  --.-KB/s    in 0s
    
    2019-06-07 12:14:33 (21.4 MB/s) - ‘ssl-idn.patch’ saved [5377/5377]
    
    [12:14][root@host.zyblev.ru centminmod]# patch -p1 < ssl-idn.patch
    patching file addons/acmetool.sh
    patching file centmin.sh
    patching file inc/nginx_addvhost.inc
    patching file inc/wpsetup-fastcgi-cache.inc
    patching file inc/wpsetup.inc
    patching file tools/nv.sh
    [12:14][root@host.zyblev.ru centminmod]# cd
    [12:14][root@host.zyblev.ru ~]# centmin
    /usr/local/src/centminmod ~
    
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 2
    --------------------------------------------------------
    
    ---------------------------------------------
    
    ---------------------------------------------------------------
    Important Information
    ---------------------------------------------------------------
    
    You are about to create an Nginx vhost site account with/without
    HTTPS/SSL support. Details of this process are outlined on site
    at centminmod.com/nginx_domain_dns_setup.html. Also read the
    continually updated Getting Started Guide for Centmin Mod usage
    at centminmod.com/getstarted.html which covers the pure-ftpd
    ftp username that is auto generated with the Nginx vhost site.
    ---------------------------------------------------------------
    403 Permission denied message handling
    if after vhost site setup you encounter 403 permission denied errors,
    check https://community.centminmod.com/threads/7308/ to see if your
    site needs tools/autoprotect.sh tweaking/whitelisting
    ---------------------------------------------------------------
    
    Do you want to continue with Nginx vhost site creation ? [y/n] y
    
    Enter vhost domain name to add (without www. prefix): артудар.рф
    
    -------------------------------------------------------------
    vhost for xn--80aal1ccjh.xn--p1ai already exists
    /home/nginx/domains/xn--80aal1ccjh.xn--p1ai already exists
    if you need to delete the domain read the guide at:
    centminmod.com/nginx_domain_dns_setup.html#deletevhost
    -------------------------------------------------------------
    
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ]
    
    Paragraph 2 does not work
     
  5. VovaZ

    Too bad I don't know English. All with translator((.
    Everything works.
    Only very inconvenient that the domain directory is created with the name IDN.
    For example, for the domain артудар.рф creates a directory named /home/nginx/domains/xn--80aal1ccjh.xn--p1ai, that if you have multiple idn domains it is very difficult to navigate on disk
     
  6. eva2000

    thanks for confirmation - always good to have confirmation if a fix I make actually works :)
    Unfortunately, it's required as scripting language and nginx vhost/letsencrypt routine/code wouldn't be able to otherwise understand IDN domain names in their native format - I will see what I can do to improve this - maybe an on the fly IDN to punycode converter like the online ones Punycoder - the Punycode converter (IDN converter)
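
Added example, not part of the original posts and not Centmin Mod's own code: a Python sketch of the two points raised in this thread, namely deriving every `-d` value from one punycode-converted name so the apex and `www` entries cannot diverge as they did in the logged acme.sh call, and mapping punycode vhost directory names back to native script for display. The function names are hypothetical, and the conversion uses Python's built-in `idna` codec rather than whatever converter the patch uses.

```python
import shlex

# acme.sh call as logged in the thread (options after -k trimmed).
LOGGED_CMD = ("/root/.acme.sh/acme.sh --issue -d артудар.рф "
              "-d www.xn--80aal1ccjh.xn--p1ai --days 60 "
              "-w /home/nginx/domains/xn--80aal1ccjh.xn--p1ai/public -k 2048")


def to_alabel(domain: str) -> str:
    """Return the ASCII (punycode) form; raises UnicodeError on invalid labels.

    Uses Python's built-in "idna" codec (IDNA 2003 rules).
    """
    cleaned = domain.strip().rstrip(".")
    return cleaned.encode("idna").decode("ascii").lower()


def to_unicode(domain: str) -> str:
    """Return the native-script form of a punycode domain, for display only."""
    return domain.encode("ascii").decode("idna")


def issue_domains(domain: str) -> list:
    """Build the apex + www pair from ONE converted value so both always match."""
    apex = to_alabel(domain)
    return [apex, "www." + apex]


def non_ascii_d_args(cmdline: str) -> list:
    """List the -d values of an acme.sh command line that are not pure ASCII."""
    argv = shlex.split(cmdline)
    return [val for opt, val in zip(argv, argv[1:])
            if opt == "-d" and not val.isascii()]


def label_vhost_dirs(dirnames) -> dict:
    """Map punycode vhost directory names to readable names for an operator."""
    return {name: to_unicode(name) for name in dirnames}


if __name__ == "__main__":
    print("unconverted -d values:", non_ascii_d_args(LOGGED_CMD))
    print("corrected -d values:  ", issue_domains("артудар.рф"))
    print(label_vhost_dirs(["xn--80aal1ccjh.xn--p1ai"]))
```

Keeping the punycode form as the on-disk and certificate name, and converting to native script only when listing directories, avoids having two spellings of the same domain in vhost paths and certificate requests.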
     
  7. VovaZ

    Thank you for your work.
    In vestacp on nginx-php-fpm, a directory is created with the name as the domain is specified.
    Can be peek).
     
  8. eva2000

    Yeah, I'll need to figure out a way, but I do not have any IDN domains of my own for testing this
     
  9. VovaZ

    I can redirect one IDN domain to tests for a while.