Good day. Problem with obtaining Let’s Encrypt certificate for Cyrillic domain. The domain name is written in Punicode, and when trying to generate a certificate, it gives an error with code 3. How can I fix it?
We should have fixed the issue in the next release
When you enter the domain make sure you use the
xn--xxxxxx.xn--tld format and then it should be fine
Via comand line:
idn -t --quiet -a “yourdomain.com” should convert it in the correct format
This format is used, but when trying to get a certificate, it gives an error with code 3. When trying to write a domain in Cyrillic, the entire user fell off. So I fixed everything and wrote it in coding, but I can’t get a certificate. I’ll wait for the update. Thank you.
Let’s Encrypt (and the ACME protocol) accept IDNs only as A-labels (ASCII labels, starting with
xn--
, also known as Punycode), not as U-labels (Unicode labels). You can convert between U-labels and A-labels using https://github.com/bestiejs/punycode.js/ or https://www.punycoder.com/ . Note that https://www.punycoder.com/ supports the older IDNA the older IDNA2003 spec, while Boulder implements the newer IDNA2008 spec, and so may reject some names converted by that site.
It should be the correct format
Thanks man. Заколебался искать
The problem has not been solved. Panel Version 1.5.11.
Has anyone coped with this problem?
It should have been fixed please check log files
/var/log/hestia/error.log
2022-03-22 13:42:40 v-add-letsencrypt-domain 'XXX' 'xn--67-dlcxbalgejw.xn--p1ai' '' '' [Error 3]
/var/log/hestia/le-user-domain.log
=============================
Date Time: 2022-03-22 13:32:30
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: XXX
domain: xn--67-dlcxbalgejw.xn--p1ai
- aliases:
- proto: http-01
- wildcard:
=============================
Date Time: 2022-03-22 13:42:40
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: XXX
domain: xn--67-dlcxbalgejw.xn--p1ai
- aliases:
- proto: http-01
- wildcard:
if ! nslookup "${identifier}" > /dev/null 2>&1 ; then
check_result "$E_NOTEXIST" "DNS record for $identifier doesn't exist"
fi
nslookup domain probally fails on your server
Probally some resolving issues on your server…
USER@cp:~$ nslookup xn--67-dlcxbalgejw.xn--p1ai
Server: 192.168.X.1
Address: 192.168.X.1#53
Non-authoritative answer:
Name: ликвимоли67.рф
Address: 37.44.45.52
What problem can there be with nslookup?
This would explain the error message and so on.
You can try it running again and provide also the output of the command if you run in in command line
The problem was fixed when I added DNS records for this domain to HestiaCP. The domain is delegated to other DNS servers.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.