Renewing problem with IDN-Domains

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: präventionsverein-norden.de

I ran this command: certbot renew

It produced this output:
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/xn--prventionsverein-norden-w7b.de/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version):
Apache/2.4.46 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-140-generic x86_64)

My hosting provider, if applicable, is:
Hetzner

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Hi @bblana

That's not a problem with an IDN domain. Your configuration is buggy: your port 80 is an https port.

http://www.präventionsverein-norden.de/.well-known/acme-challenge/Ii7RYm1XZuJV2usPrDIBiiMcn-5p6RPizT9Q_DAKP2M

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Apache/2.4.46 (Ubuntu) Server at präventionsverein-norden.de Port 80

Must be http, not https.

Check

apachectl -S
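
An added example, not part of the original post and not Certbot or Apache project code: a static check for one known cause of the "speaking plain HTTP to an SSL-enabled server port" error on port 80, namely a port-80 VirtualHost that has `SSLEngine on`. The thread does not say which directive was wrong on this server; the function name, the sample config and the `example.test` / `192.0.2.10` values are constructed, and the check does not follow `Include` directives or evaluate vhosts without an explicit port.

```python
import re

# Constructed sample (not from the thread): the port-80 vhost wrongly enables
# TLS, so an http-01 validation request over plain HTTP gets a 400 Bad Request.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    SSLEngine on
    ServerName example.test
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName example.test
    SSLEngine on
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
SERVER_NAME = re.compile(r"ServerName\s+(\S+)", re.I)
SSL_ENGINE = re.compile(r"SSLEngine\s+(\S+)", re.I)


def port_of(addr):
    """Port from '*:80', '192.0.2.10:80' or '[::1]:80'; None if no numeric port."""
    tail = addr.rsplit(":", 1)[-1]
    return tail if tail.isdigit() else None


def find_tls_on_port_80(conf_text):
    """Return (vhost_line, server_name, ssl_line) per port-80 vhost with SSLEngine on."""
    findings, vhost = [], None
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives do not count
        if m := VHOST_OPEN.match(line):
            ports = {port_of(a) for a in m.group(1).split()}
            vhost = {"line": n, "ports": ports, "name": None, "ssl": None}
        elif VHOST_CLOSE.match(line):
            if vhost and "80" in vhost["ports"] and vhost["ssl"]:
                findings.append((vhost["line"], vhost["name"], vhost["ssl"]))
            vhost = None
        elif vhost is not None:
            if m := SERVER_NAME.match(line):
                vhost["name"] = m.group(1)
            elif m := SSL_ENGINE.match(line):
                # Keep the most recent setting seen inside this block.
                vhost["ssl"] = n if m.group(1).lower() == "on" else None
    return findings
```

Run it over each file that `apachectl -S` lists for port 80; an empty result means this particular misconfiguration is not present in that file.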

Hi Juergen,
Thanks for your answer.
This is the output:
root@www:~# apachectl -S
VirtualHost configuration:
192.168.240.5:443 präventionsverein-norden.de (/etc/apache2/sites-enabled/xn--prventionsverein-norden-w7b.de-le-ssl.conf:2)
192.168.240.5:80 präventionsverein-norden.de (/etc/apache2/sites-enabled/xn--prventionsverein-norden-w7b.de.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

I have a redirection from http to https for the site. Is this the reason that it doesn't work? So do I have to remove the redirection, or change the configuration?

Regards Bernd

I have checked my configuration and compared it with another working server. I found a difference in the config. I changed that, and now the renewal is working fine.

Thanks Bernd
