Certbot with åäö domain?

How do I use certbot on a domain that has åäö characters?

running the certbot gives me:

Non-ASCII domain names not supported.... .... use punycode

but when using punycode with certbot I get:

an unexpected error occured. domain name contains an invalid label in a reserved format (R-LDH: '??--')

How do I solve this?

Probably by using proper punycode? Could you please provide the exact domain name you're trying to get a certificate for and the exact command line you're using with the punycode?

1 Like

bmiräknaren.se

sudo certbot --apache -d xn--bmirknaren-t5a.se

I'm not getting any punycode error when I run a certbot command using that domain name. Could you please share the entire certbot output when you run that exact command?

1 Like

Obtaining a new certificate

An unexpected error occurred:
Error creating new order :: Cannot issue for "nx??--bmirknaren-t5a.se": Domain name contains an invalid character

/var/log/letsencrypt is empty

How about wrapped with single quotes?:
sudo certbot --apache -d 'xn--bmirknaren-t5a.se'

And which version of certbot are you using?

Error creating new order :: cannot issue for "nx--bmirknaren-t5a.se: domain name contains an ivalid label in a reserved format (R-LDH: '??--')

single quotes gave me

an unexpected error occured. domain name contains an invalid label in a reserved format (R-LDH: '??--')

but WHOA. Typing certbot -v straight after made it go into the setup? It works now

hmm...
Did you get a renewed cert?

Please show outputs of:
certbot certificates
certbot --version

That is like just typing certbot
[but with added logging]

Please switch to staging environment for testing.
There have already been several certs issued for that domain today:
crt.sh | xn--bmirknaren-t5a.se

I can't scroll up in my VPS terminal (or copy from it) but writing cert -v gets me into the certbot cert setup again

found the following certs:
Certificate Name: mydomain.se
....
....
....
Certificate name: xn--bmirknaren-t5a.se
Domains: xn--bmirknaren-t5a.se
Expiry Date: 2021-11-12 18:57:30+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/xn--bmirknaren-t5a.se/fiullchain.pem
Certificate Path: /etc/letsencrypt/live/xn--bmirknaren-t5a.se/privkey.pem

NOT certbot -v

oh sorry
0.31.0

1 Like

OK, so you have a cert.
You can stop trying to get another one.
Now you just need to use it :slight_smile:

I just found it a bit weird, didn't work as it always does for me

thanks for the help guys

1 Like

Not sure how you got it, nor why that error was shown.
But I think certbot should be able to renew it when the time comes.
If not, you know where to find us! LOL
Cheers from Miami :beers:

#FreeCuba

1 Like

I know you already got your certificate working, but this error doesn't make any sense: why would the start of the punycode domain name suddenly become "nx" instead of the correct "xn..."? Did you actually use the correct punycode, i.e.: ASCII? To me it sounds like you got some extra non-ASCII characters somewhere in that command you've tried earlier.

1 Like

How about this test?:
sudo certbot --apache -d 'xn\-\-bmirknaren-t5a.se' --dry-run

@rg305 Just run something like certbot certonly --staging --webroot -w /tmp/ -d xn--bmirknaren-t5a.se on your own computer: works just fine except for the obvious authentication error. No need for quotes or escaping the dashes, why would there be? Punycode is just plain ASCII. If done right, that's the whole idea behind punycode. Maybe Unicode or something other than ASCII gave errors previously, but if you're just using ASCII for the punycode, like one should, it's no issue whatsoever.

1 Like

I too ran a similar test on certbot version 0.31.0 without seeing this error message.
This might be more of a copy/paste issue than what meets the :eye:
What you see isn't always what is being pasted.

sudo certbot certonly --webroot -w /var/tmp -d 'xn--bmirknaren-t5a.se' --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xn--bmirknaren-t5a.se
Using the webroot path /var/tmp for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xn--bmirknaren-t5a.se (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://xn--bmirknaren-t5a.se/.well-known/acme-challenge/ced-sICdDVJVad4DXs5PMXdmickPyaBJLD4rJAPj4v4 [95.217.15.208]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: xn--bmirknaren-t5a.se
   Type:   unauthorized
   Detail: Invalid response from
   https://xn--bmirknaren-t5a.se/.well-known/acme-challenge/ced-sICdDVJVad4DXs5PMXdmickPyaBJLD4rJAPj4v4
   [95.217.15.208]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
certbot --version
certbot 0.31.0
1 Like
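
The two hypotheses raised in the thread (stray non-ASCII characters in the command, and a copy/paste problem) can be checked before certbot is run. The following is an added example, not part of any post above: it converts the Unicode name with Python's built-in IDNA 2003 codec and inspects a `-d` argument for characters outside letters, digits, hyphen and dot, and for labels in the reserved "R-LDH" shape named in the error. The function names are hypothetical and the sample inputs are constructed; the zero-width space is an illustration, not a claim about what was actually typed.

```python
import string
import unicodedata

# Characters allowed in an ASCII hostname argument (LDH plus the dot separator).
ALLOWED = set(string.ascii_letters + string.digits + "-.")

def to_a_label(domain: str) -> str:
    """Convert a Unicode domain to its ASCII (punycode) form
    using Python's standard 'idna' codec (IDNA 2003)."""
    return domain.encode("idna").decode("ascii")

def check_domain(arg: str) -> list:
    """Return a list of human-readable problems found in a -d argument."""
    problems = []
    # 1. Any character that is not plain ASCII LDH, including invisible ones.
    for i, ch in enumerate(arg):
        if ch not in ALLOWED:
            name = unicodedata.name(ch, "UNNAMED")
            problems.append(f"index {i}: U+{ord(ch):04X} {name}")
    # 2. Labels with hyphens in positions 3 and 4 are reserved (R-LDH);
    #    only the 'xn--' prefix is valid there.
    for label in arg.split("."):
        if label[2:4] == "--" and not label.lower().startswith("xn--"):
            problems.append(f"label {label!r}: reserved format, prefix is not 'xn'")
    return problems

if __name__ == "__main__":
    print(to_a_label("bmir\u00e4knaren.se"))
    samples = [                                   # constructed inputs
        "xn--bmirknaren-t5a.se",                  # clean punycode
        "xn\u200b--bmirknaren-t5a.se",            # hidden zero-width space
        "nx--bmirknaren-t5a.se",                  # transposed prefix
    ]
    for s in samples:
        print(repr(s), check_domain(s) or "OK")
```

Printing the argument with `repr()` as above makes invisible characters visible as escapes, which a terminal would otherwise hide.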