I am unable to renew a certificate containing a german “umlaut”.
Unfortunately it seems like an error on the LE side, because it seems to be trying to resolve the de-punycoded address, which will, of course, not work. (See “hostname” in JSON-Output)
Correct me if I am wrong.
(You wont find anything under the domain, because it is only for internal use.)
Note, that obtaining new certificates with “ü” in them seems to work and obtaining the cert in the first place also worked, with the same configuration.
My domain is: müllhalde.h3ndr1k.de (müllhalde.h3ndr1k.de)
I ran this command: dehydrated -c -g
It produced this output:
# dehydrated -c -g
# INFO: Using main config file /etc/dehydrated/config
Processing xn--mllhalde-65a.h3ndr1k.de with alternative names: muellhalde.h3ndr1k.de
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Dec 31 23:49:45 2017 GMT Certificate will expire
(Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for xn--mllhalde-65a.h3ndr1k.de...
+ Requesting challenge for muellhalde.h3ndr1k.de...
+ Responding to challenge for xn--mllhalde-65a.h3ndr1k.de...
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:connection",
"detail": "Fetching https://müllhalde.h3ndr1k.de/.well-known/acme-challenge/<foo>: Error getting validation data",
"status": 400
},
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/<foo>",
"token": "<foo>",
"keyAuthorization": "<foo>",
"validationRecord": [
{
"url": "https://m%C3%BCllhalde.h3ndr1k.de/.well-known/acme-challenge/<foo>",
"hostname": "müllhalde.h3ndr1k.de",
"port": "443",
"addressesResolved": [],
"addressUsed": "",
"addressesTried": []
},
{
"url": "http://xn--mllhalde-65a.h3ndr1k.de/.well-known/acme-challenge/<foo>",
"hostname": "xn--mllhalde-65a.h3ndr1k.de",
"port": "80",
"addressesResolved": [
"139.20.170.204"
],
"addressUsed": "139.20.170.204",
"addressesTried": []
}
]
})
My web server is (include version): Apache 2.4.25-3+deb9u3
The operating system my web server runs on is (include version): Debian Stretch
I can login to a root shell on my machine (yes or no, or I don’t know): yes