Invalid character in DNS name on german domains with special characters


#1

Hello,

I want to add lets encrypt certs to a german domain that uses special characters like äüö in the domain. And they also converted to a ACE-String. For example: IDN-Form: überall-ist.de is converted to ACE-String: überall-ist.de
Is letsencrypt working with domains in IDN-Form and ACE-String-Form or only in ACE-String-Form on non of these two?


#2

Let’s Encrypt does work with IDNs these days, but I am not sure which form you should type into a tool like Certbot to identify your domain. Because the two forms are just different ways of writing the same thing under the hood, I think it will be OK to just try one, and if that doesn’t work (error message) try the other. You should make sure you have a recent version of whatever Let’s Encrypt client (e.g. acme.sh or Certbot) you are using, as older clients are known to have problems with IDNs.

Internally all X.509 certificates for the Web PKI must use the ACE form you describe, because the encoding used inside the certificate does not support full Unicode. The client software (e.g. web browser) may convert back into a more human readable form for display.


#3

Hi @Rocks360,

Let’s Encrypt only accepts the A-label (also known as ACE) form of IDNs.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.