I’m pleased to announce that Let’s Encrypt now supports issuance for Internationalized Domain Names (IDNs).
Note that the currently-released Certbot version (0.9.2) has a built-in check that prevents issuance for IDNs. To issue certificates with Certbot that contain IDNs, you can follow the developer instructions to install the latest development version. Or you can wait for the next Certbot release, currently planned for end of October / early November, or use an alternate client.
Let’s Encrypt (and the ACME protocol) accept IDNs only as A-labels (ASCII labels, starting with
xn--, also known as Punycode), not as U-labels (Unicode labels). You can convert between U-labels and A-labels using https://github.com/bestiejs/punycode.js/ or https://www.punycoder.com/. Note that https://www.punycoder.com/ supports the older IDNA the older IDNA2003 spec, while Boulder implements the newer IDNA2008 spec, and so may reject some names converted by that site.
Also note that registries impose some limits on what IDNs may be registered, and browsers impose additional constraints on which IDNs will be represented in their U-label form. If you are thinking of purchasing a domain name, you should ensure it will render the way you want on the browsers that you care about.