Closed HTechHQ closed 2 years ago
Hi! I never thought about this problem... Will try to update the REGEX to handle it this weekend.
I updated the REGEX. However I'm not sure if ACME-tiny or Let's Encrypt itself supports it or not, and I don't have a domain to test it.
I released 1.20.0-beta1
. Could you try it?
Thank you for the fast update! I'll attach the error message I got:
[cont-init.d] 20-setup: executing...
/opt/certs_manager/models/domain.rb:203:in `match': incompatible encoding regexp match (UTF-8 regexp with ASCII-8BIT string) (Encoding::CompatibilityError)
from /opt/certs_manager/models/domain.rb:203:in `match'
from /opt/certs_manager/models/domain.rb:203:in `parsed_descriptor'
from /opt/certs_manager/models/domain.rb:77:in `name'
from /opt/certs_manager/models/domain.rb:44:in `dir'
from /opt/certs_manager/models/domain.rb:183:in `create_dir'
from /opt/certs_manager/models/domain.rb:11:in `initialize'
from /opt/certs_manager/lib/na_config.rb:70:in `new'
from /opt/certs_manager/lib/na_config.rb:70:in `block in parse'
from /opt/certs_manager/lib/na_config.rb:69:in `map'
from /opt/certs_manager/lib/na_config.rb:69:in `parse'
from /opt/certs_manager/lib/na_config.rb:36:in `env_domains'
from /opt/certs_manager/lib/na_config.rb:7:in `domains'
from /opt/certs_manager/certs_manager.rb:23:in `block in setup_config'
from /opt/certs_manager/certs_manager.rb:133:in `block in with_lock'
from /opt/certs_manager/certs_manager.rb:131:in `open'
from /opt/certs_manager/certs_manager.rb:131:in `with_lock'
from /opt/certs_manager/certs_manager.rb:19:in `setup_config'
from /opt/certs_manager/certs_manager.rb:11:in `setup'
from /bin/setup:4:in `<main>'
[cont-init.d] 20-setup: exited 1.
Hi, thanks for testing!
1.20.0-beta2 fixed the encoding issue.
The first try is with the domain name (as is, including the special character) and I get the following error:
Creating new order...
Traceback (most recent call last):
File "/bin/acme_tiny", line 198, in <module>
main(sys.argv[1:])
File "/bin/acme_tiny", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/bin/acme_tiny", line 121, in get_crt
order, _, order_headers = _send_signed_request(directory['newOrder'], order_payload, "Error creating new order")
File "/bin/acme_tiny", line 60, in _send_signed_request
return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
File "/bin/acme_tiny", line 46, in _do_request
raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error creating new order:
Url: https://acme-v02.api.letsencrypt.org/acme/new-order
Data: {"protected": "xyz", "signature": "xyz"}
Response Code: 400
Response: {u'status': 400, u'type': u'urn:ietf:params:acme:error:rejectedIdentifier', u'detail': u'Error creating new order :: Cannot issue for "xyz": Domain name contains an invalid character'}
Next I converted the domain name into ACE and it works!
When working with an IDN, you need to convert the domain name into an ASCII-Compatible Encoding (ACE) form before entering it into the DNS server.
There seam to be two obvious solutions now:
Not sure what to do, but this also raises the question if the regex needs to be updated at all? Probably not. I run the configuration with the ACE again on version 1.19.2 and it works (the signing was skipped though ;-) so not sure if this influences the process, but I don't expect it)
Ah, ok. I didn't know that.
I will do (2). Because I found some other issues when it comes to putting non-ASCII characters into environment variable. Namely, putting custom config for each domain such as CUSTOM_NGINX_EXAMPLE_COM_CONFIG_BLOCK
.
I will revert the REGEX changes and update the documentation.
Hello,
I have a valid domain but the name contains a non ASCII character (
ß
from the German alphabet). In the setup step I get the following error on 1.19.2:I'd like my domain name to be supported as well, is it possible to update the restrictions on this? Alternatively I would be interested in a way to supply my own regex overwrite.
Thank you for any help :-)