16: xn--8080apmfex.xn--p1ai
17: www.xn--8080apmfex.xn--p1ai
18: xn--v1aaa.xn--8080apmfex.xn--p1ai
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):16
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: DNS label contains malformed punycode
Please see the logfiles in /var/log/letsencrypt for more details.
root@vds3997:~# cat /etc/nginx/sites-available/psy-apache | grep server_
server_name www.xn--80apmfex.xn--p1ai xn--80apmfex.xn--p1ai xn--v1aaa.xn--80apmfex.xn-
-p1ai;
root@vds3997:~#
Could you try grep 8080 instead of grep server_ just to make sure? But I think you are right that this is likely to be a Certbot bug.
@bmw, can you think of a reason why Certbot would read the domain name xn--80apmfex.xn--p1ai from an Apache configuration file as xn--8080apmfex.xn--p1ai (with 8080 in place of 80)?
@swedenborg, instead of choosing from the menu, you could also try to specify -d xn--80ampfex.xn-p1ai on the command line and see if that makes Certbot behave correctly.
@swedenborg, I saw that you also posted a GitHub issue, which might be more helpful than this forum topic—I think I agree that this is probably a Certbot bug.
Unfortunately someone else there also had trouble reproducing the bug, so maybe you can keep talking with people on GitHub to try to help others figure out how to reproduce it. Posting relevant configuration or log files there might be helpful too (like your Apache configuration or /var/log/letsencrypt logs, possibly partially redacted if there is some information you don’t want to share).