Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACME problem with IDN Domains

    Scheduled Pinned Locked Moved ACME
    7 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cannyit
      last edited by

      When I include a iono ACE converted IDN (internationalized domain name) in my running config its not included in certificate and following error messages are issued

      Error add txt for domain:_acme-challenge.MY_IDN_DOMAIN_NAME
Error removing txt for domain:_acme-challenge.MY_IDN_DOMAIN_NAME

      When I try to enter direct the IDN in GUI I get error

      The field 'Domainname' does not contain a valid hostname.

      I use "DNS-Cloudflare" method.

      Has anyboy same issue or any idea how to solve?

      1 Reply Last reply Reply Quote 0
      • C
        cannyit
        last edited by

        After some updates of ACME still same issue. Has Nobody a IDN domain or any idear how to solve or work around?

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          No IDNs here or a good way to test them. I don't think the current validation functions in pfSense support IDNs, and I'm not aware of any plans to address that at the moment. Plus it would require changes to the package to store the domain in a way that is XML-safe, which could be another issue.

          Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • C
            cannyit
            last edited by

            jimp thanks a lot for answer. Any Idea why its not working with the ACE/Punycode? Storrage should be not a problem but leads to the error above.

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Probably because the hostname/FQDN validation functions don't recognize that.

              Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • C
                cannyit
                last edited by

                After Upgrade to 0.6.2 its now working fine for ACE converted IDN. So everything looks good now. Thanks to the unnown solver :-)

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Great! It must have been solved upstream in acme.sh

                  Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.