Internationalized Domain Names

Hi folks,

I'm happy to point to three pieces of progress on Let's Encrypt IDN support:

① The new Let's Encrypt CPS 1.5 released today permits issuances for IDNs (as a policy matter).

② The Boulder CA software has added a feature to permit issuance for IDNs (as a technical matter).

③ The current development version of the Certbot client no longer prevents users from requesting punycode-formatted IDNs as part of their certificate requests (as a user interface matter).

It would be great for any other clients that currently forbid requesting certs containing punycode IDN names (the ones beginning with "xn--") to remove that limitation at this time.

There's also ongoing work on Certbot to allow users to specify requested names in Unicode form instead of IDNA form so that users will eventually be able to say -d éxample.org as a synonym for -d xn--xample-9ua.org. Right now requests can be entered only using IDNA form (with xn--) for all labels containing a non-ASCII character. If you don't know the IDNA form of your domain, you can find it using various software such as the idn2 program.

Note that issuance of certs for IDNs has not begun yet and we're still waiting for an announcement of when this may happen. But I wanted to let people know that several pieces have now been put in place to move the process forward.

2 Likes