From 23e175d9a80abff586e7b138536c0efbd95d90e6 Mon Sep 17 00:00:00 2001 From: mguschin Date: Wed, 13 May 2026 14:00:05 +0300 Subject: [PATCH] fix: convert IDN/Cyrillic domains to punycode before calling certbot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit certbot rejects non-ASCII domain names; convert using Python's idna encoder per-label so мои-товары.рф becomes xn--e1afmapc4af.xn--p1af. Co-Authored-By: Claude Sonnet 4.6 --- scripts/init-letsencrypt.sh | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/scripts/init-letsencrypt.sh b/scripts/init-letsencrypt.sh index 87b1b0a..5314dc4 100755 --- a/scripts/init-letsencrypt.sh +++ b/scripts/init-letsencrypt.sh @@ -29,6 +29,21 @@ fi EMAIL="${LETSENCRYPT_EMAIL:-admin@$DOMAIN}" ACME_DIR="/var/www/certbot" +# Convert IDN/Cyrillic domain to punycode (certbot requires ASCII) +PUNYCODE=$(python3 -c " +import sys +d = sys.argv[1] +try: + parts = d.split('.') + print('.'.join(p.encode('idna').decode('ascii') for p in parts)) +except Exception: + print(d) +" "$DOMAIN" 2>/dev/null || echo "$DOMAIN") + +if [ "$PUNYCODE" != "$DOMAIN" ]; then + echo "==> IDN domain detected: $DOMAIN → $PUNYCODE" +fi + echo "==> Obtaining certificate for: $DOMAIN (www.$DOMAIN)" echo " Email: $EMAIL" @@ -43,13 +58,13 @@ sudo certbot certonly \ --email "$EMAIL" \ --agree-tos \ --no-eff-email \ - -d "$DOMAIN" \ - -d "www.$DOMAIN" + -d "$PUNYCODE" \ + -d "www.$PUNYCODE" echo "" echo "==> Certificate obtained for $DOMAIN" -echo " /etc/letsencrypt/live/$DOMAIN/fullchain.pem" -echo " /etc/letsencrypt/live/$DOMAIN/privkey.pem" +echo " /etc/letsencrypt/live/$PUNYCODE/fullchain.pem" +echo " /etc/letsencrypt/live/$PUNYCODE/privkey.pem" echo "" echo "==> Generate nginx config and reload:" echo " sudo ./scripts/generate-nginx-conf.sh $DOMAIN"
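Review bot: The conversion block fails open: `except Exception: print(d)`, `2>/dev/null` and `|| echo "$DOMAIN"` all fall back to the raw name, so a missing python3 or an unencodable label is hidden and certbot is still called with the non-ASCII domain this commit is meant to avoid. I would stop with a message on stderr instead, as in the fence below. Python's built-in `idna` codec also implements the older IDNA 2003 mapping, which folds a few characters (for example `ß` to `ss`) into a different ASCII name than current browsers resolve, so the certificate could be issued for a name other than the one users reach. The printed `$DOMAIN → $PUNYCODE` line should be checked before relying on the result, and a comment above the block should say so.

```sh
# Convert IDN/Cyrillic domain to punycode (certbot requires ASCII).
# NOTE: the stdlib "idna" codec follows IDNA 2003; verify the printed mapping.
if ! PUNYCODE=$(python3 -c '
import sys
print(".".join(label.encode("idna").decode("ascii") for label in sys.argv[1].split(".")))
' "$DOMAIN"); then
  echo "ERROR: cannot convert domain to punycode: $DOMAIN" >&2
  exit 1
fi
# … unchanged: "IDN domain detected" message …
```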
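Review bot: `--email "$EMAIL"` in this hunk still receives `admin@$DOMAIN` when LETSENCRYPT_EMAIL is unset, because EMAIL is assigned in the first hunk's context before PUNYCODE exists; for an IDN domain that hands certbot a non-ASCII address, which is likely to be rejected the same way the domain was. Assigning the default after the conversion as `EMAIL="${LETSENCRYPT_EMAIL:-admin@$PUNYCODE}"` would close that gap. The closing hint also still prints `generate-nginx-conf.sh $DOMAIN` while the certificate now lives under `/etc/letsencrypt/live/$PUNYCODE/`; if that script builds the certificate path from its argument (not visible here), the generated nginx config would point at a directory that does not exist, so either print `$PUNYCODE` there or add a comment stating which form the script expects. The certbot command itself starts above the hunk.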