I would expect this part of the configuration to be punycoded like the CN you provided on the command line. (also, is the trailing ' character a copy-paste mistake?)
I need to have the literal representation of the domain either in alias or in the CN, or many XMPP clients will reject the punycoded IDN. It is a requirement of the XMPP protocol that all references to a JID be sent as UTF8 over the wire.
Unfortunately I think this requirement will preclude using a certificate issued by a trusted root certificate authority. RFC 5280 defines how to put an internationalized name into a certificate's distinguished name (e.g. Subject Alternate Name) in Section 7.3:
To represent a label from an IDN in the distinguished name, the implementation MUST perform the "ToASCII" label conversion specified in Section 4.1 of RFC 3490. The label SHALL be considered a "stored string". That is, the AllowUnassigned flag SHALL NOT be set.
The net result is that Let's Encrypt (and I believe any other CA compliant with the baseline requirements) won't be able to issue a certificate with the unicode international domain represented literally as you say XMPP requires. I'm not familiar with the guts of XMPP to say what the best path forward is
I hope you can figure something out. ᐁ.cc is an awesome domain name!