acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

IDN doesn't work well #1479

Open MAGICCC opened 6 years ago

MAGICCC commented 6 years ago

Could be related to https://github.com/Neilpang/acme.sh/pull/1351

Steps to reproduce

Domain is an IDN one (⠠.ws), and when trying to use the Cloudflare API it only converts the wildcard one to the IDN syntax; the base domain is still 'normal'.

Debug log

acme.sh --issue --dns dns_cf -d "⠠.ws" -d "*.⠠.ws" --debug 2
[Sun Apr  1 21:33:07 CEST 2018] Lets find script dir.
[Sun Apr  1 21:33:07 CEST 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun Apr  1 21:33:07 CEST 2018] _script='/root/.acme.sh/acme.sh'
[Sun Apr  1 21:33:07 CEST 2018] _script_home='/root/.acme.sh'
[Sun Apr  1 21:33:07 CEST 2018] Using config home:/root/.acme.sh
[Sun Apr  1 21:33:07 CEST 2018] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.8
[Sun Apr  1 21:33:07 CEST 2018] _main_domain='⠠.ws'
[Sun Apr  1 21:33:07 CEST 2018] _alt_domains='*.⠠.ws'
[Sun Apr  1 21:33:07 CEST 2018] Using config home:/root/.acme.sh
[Sun Apr  1 21:33:07 CEST 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sun Apr  1 21:33:07 CEST 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sun Apr  1 21:33:07 CEST 2018] DOMAIN_PATH='/root/.acme.sh/⠠.ws'
[Sun Apr  1 21:33:07 CEST 2018] 'dns_cf' does not contain 'dns'
[Sun Apr  1 21:33:07 CEST 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sun Apr  1 21:33:07 CEST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Apr  1 21:33:07 CEST 2018] GET
[Sun Apr  1 21:33:07 CEST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Sun Apr  1 21:33:07 CEST 2018] timeout=
[Sun Apr  1 21:33:07 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.CZkgKAEfEH  -g '
[Sun Apr  1 21:33:07 CEST 2018] ret='0'
[Sun Apr  1 21:33:07 CEST 2018] response='{
  "hqWhIzX5Icw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sun Apr  1 21:33:07 CEST 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sun Apr  1 21:33:07 CEST 2018] ACME_NEW_AUTHZ
[Sun Apr  1 21:33:08 CEST 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Apr  1 21:33:08 CEST 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sun Apr  1 21:33:08 CEST 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun Apr  1 21:33:08 CEST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun Apr  1 21:33:08 CEST 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Apr  1 21:33:08 CEST 2018] ACME_VERSION='2'
[Sun Apr  1 21:33:08 CEST 2018] Le_NextRenewTime
[Sun Apr  1 21:33:08 CEST 2018] _on_before_issue
[Sun Apr  1 21:33:08 CEST 2018] _chk_main_domain='⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] _chk_alt_domains='*.⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] 'dns_cf' does not contain 'no'
[Sun Apr  1 21:33:08 CEST 2018] Le_LocalAddress
[Sun Apr  1 21:33:08 CEST 2018] d='⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] Check for domain='⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] _currentRoot='dns_cf'
[Sun Apr  1 21:33:08 CEST 2018] d='*.⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] Check for domain='*.⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] _currentRoot='dns_cf'
[Sun Apr  1 21:33:08 CEST 2018] d
[Sun Apr  1 21:33:08 CEST 2018] 'dns_cf' does not contain 'apache'
[Sun Apr  1 21:33:08 CEST 2018] _saved_account_key_hash='xQX2m/KaawcZa+Qvqm98snOYwBz/dzRCdOrcoMo+4oc='
[Sun Apr  1 21:33:08 CEST 2018] _saved_account_key_hash is not changed, skip register account.
[Sun Apr  1 21:33:08 CEST 2018] Read key length:
[Sun Apr  1 21:33:08 CEST 2018] _createcsr
[Sun Apr  1 21:33:08 CEST 2018] domain='⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] domainlist='*.⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] csrkey='/root/.acme.sh/⠠.ws/⠠.ws.key'
[Sun Apr  1 21:33:08 CEST 2018] csr='/root/.acme.sh/⠠.ws/⠠.ws.csr'
[Sun Apr  1 21:33:08 CEST 2018] csrconf='/root/.acme.sh/⠠.ws/⠠.ws.csr.conf'
[Sun Apr  1 21:33:08 CEST 2018] _is_idn_d='*.⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] _idn_temp='⠠'
[Sun Apr  1 21:33:08 CEST 2018] domainlist='*.xn--3ji.ws'
[Sun Apr  1 21:33:08 CEST 2018] Multi domain='DNS:⠠.ws,DNS:*.xn--3ji.ws'
[Sun Apr  1 21:33:08 CEST 2018] _is_idn_d='⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] _idn_temp='⠠'
[Sun Apr  1 21:33:08 CEST 2018] _csr_cn='xn--3ji.ws'
[Sun Apr  1 21:33:08 CEST 2018] Getting domain auth token for each domain
[Sun Apr  1 21:33:08 CEST 2018] d='*.⠠.ws'
[Sun Apr  1 21:33:08 CEST 2018] d
[Sun Apr  1 21:33:08 CEST 2018] _identifiers='{"type":"dns","value":"⠠.ws"},{"type":"dns","value":"*.⠠.ws"}'
[Sun Apr  1 21:33:08 CEST 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Apr  1 21:33:08 CEST 2018] payload='{"identifiers": [{"type":"dns","value":"⠠.ws"},{"type":"dns","value":"*.⠠.ws"}]}'
[Sun Apr  1 21:33:08 CEST 2018] RSA key
[Sun Apr  1 21:33:08 CEST 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Apr  1 21:33:08 CEST 2018] HEAD
[Sun Apr  1 21:33:08 CEST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Apr  1 21:33:08 CEST 2018] body
[Sun Apr  1 21:33:08 CEST 2018] _postContentType='application/jose+json'
[Sun Apr  1 21:33:08 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.k1a7o0TTkd  -g '
[Sun Apr  1 21:33:08 CEST 2018] _ret='0'
[Sun Apr  1 21:33:08 CEST 2018] _headers='HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: 9sZCO9KMVknW_aE_nMIvyBYvBHtyVk2FypXwOe2VflE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 01 Apr 2018 19:33:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 Apr 2018 19:33:14 GMT
Connection: keep-alive
'
[Sun Apr  1 21:33:08 CEST 2018] _CACHED_NONCE='9sZCO9KMVknW_aE_nMIvyBYvBHtyVk2FypXwOe2VflE'
[Sun Apr  1 21:33:08 CEST 2018] nonce='9sZCO9KMVknW_aE_nMIvyBYvBHtyVk2FypXwOe2VflE'
[Sun Apr  1 21:33:08 CEST 2018] POST
[Sun Apr  1 21:33:08 CEST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Apr  1 21:33:08 CEST 2018] body='{"protected": "eyJub25jZSI6ICI5c1pDTzlLTVZrbldfYUVfbk1JdnlCWXZCSHR5VmsyRnlwWHdPZTJWZmxFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzMyMjU5MzkxIn0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IuKgoC53cyJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi7ioKAud3MifV19", "signature": "JlXbliZrkFo9hUTq1KOewCgE1w6bCk9RezGV-7odHynoZTJip_M2JKzrCtesqvO9aLO0KE2b-aci0MQPRG6bwXAcVGxyFkUYKaFj4PIKJyq1BlM41tkjQjBzziU7xw4gh1nB3k_a4QLkzKdoMCsKtVW8cq4TME5WP54-xpA6Cs6P-Qbx1tZU3pz7p6fI07WLPQgnDhXCxwErEbG1ifw_rchUOW_uxKeUG06qch45jDRUVwuE8wwn-0QkMK5dibL5cmMVOJVvyrlQdQ598TlqXfunTQoVa61IVc_XShnxI6Xy89IH5OptPh8w9lYotBKhHGQ5yNn68Z1ANs5-UsEQIQ"}'
[Sun Apr  1 21:33:08 CEST 2018] _postContentType='application/jose+json'
[Sun Apr  1 21:33:08 CEST 2018] Http already initialized.
[Sun Apr  1 21:33:08 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.k1a7o0TTkd  -g '
[Sun Apr  1 21:33:08 CEST 2018] _ret='0'
[Sun Apr  1 21:33:08 CEST 2018] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Error creating new order :: Invalid character in DNS name",
  "status": 400
}'
[Sun Apr  1 21:33:08 CEST 2018] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 142
Boulder-Requester: 32259391
Replay-Nonce: WPuzDJTfWkWenzbcxDLJ7fB7qIt_3M5umic3LQs1V8c
Expires: Sun, 01 Apr 2018 19:33:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 Apr 2018 19:33:14 GMT
Connection: close
'
[Sun Apr  1 21:33:08 CEST 2018] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Error creating new order :: Invalid character in DNS name","status": 400}'
[Sun Apr  1 21:33:08 CEST 2018] code='400'
[Sun Apr  1 21:33:08 CEST 2018] Le_OrderFinalize
[Sun Apr  1 21:33:08 CEST 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Error creating new order :: Invalid character in DNS name","status": 400}
[Sun Apr  1 21:33:08 CEST 2018] pid
[Sun Apr  1 21:33:08 CEST 2018] No need to restore nginx, skip.
[Sun Apr  1 21:33:08 CEST 2018] _clearupdns
[Sun Apr  1 21:33:08 CEST 2018] skip dns.
[Sun Apr  1 21:33:08 CEST 2018] _on_issue_err
[Sun Apr  1 21:33:08 CEST 2018] Please add '--debug' or '--log' to check more details.
[Sun Apr  1 21:33:08 CEST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Sun Apr  1 21:33:08 CEST 2018] _chk_vlist
[Sun Apr  1 21:33:08 CEST 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0f  25 May 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-2tpxfc/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/headers-more-nginx-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-cache-purge --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-development-kit --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx-fancyindex 
--add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nchan --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-lua --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upload-progress --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
socat:
socat by Gerhard Rieger - see www.dest-unreach.org

martgras commented 6 years ago

@Neilpang - what do you think about this approach? If the conversion to punycode is done while parsing the arguments, all plugins should "automatically" work: https://github.com/martgras/acme.sh/commit/44f1d02a4461326a2284f2f4f4c5d9ba650ae270.

Works for me with wildcards as well, but I only tested using the DNS method. Please let me know if I should submit it as a PR.
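
Added example (not from the thread, from acme.sh, or from the linked commit): converting every `-d` value to its ASCII form once, at argument-parsing time, so that the new-order identifiers and the CSR SAN list are built from the same names. All function names are hypothetical, and NFKC plus lowercasing is an assumed stand-in for the full IDNA mapping step; the inputs are the two names from the debug log above.

```python
import json
import unicodedata

ACE_PREFIX = "xn--"


def to_alabel(label):
    """Return the ASCII (A-label) form of a single DNS label."""
    if label.isascii():
        return label.lower()
    # Assumption: NFKC + lowercase approximates the IDNA mapping step.
    mapped = unicodedata.normalize("NFKC", label).lower()
    if mapped.isascii():
        return mapped
    return ACE_PREFIX + mapped.encode("punycode").decode("ascii")


def normalize_domain(domain):
    """Convert a whole name; a leading '*.' wildcard label is kept as-is."""
    wildcard = domain.startswith("*.")
    name = (domain[2:] if wildcard else domain).rstrip(".")
    labels = name.split(".")
    if not all(labels):
        raise ValueError("empty label in %r" % domain)
    alabels = [to_alabel(label) for label in labels]
    if any(len(a) > 63 for a in alabels) or len(".".join(alabels)) > 253:
        raise ValueError("name too long after conversion: %r" % domain)
    return ("*." if wildcard else "") + ".".join(alabels)


def normalize_args(domains):
    """Normalize all -d values up front, dropping duplicates, keeping order."""
    seen, out = set(), []
    for d in domains:
        n = normalize_domain(d)
        if n not in seen:
            seen.add(n)
            out.append(n)
    return out


def raw_unicode_names(domains):
    """Names that would still reach the CA or a DNS plugin unconverted."""
    return [d for d in domains if not d.isascii()]


def new_order_payload(domains):
    """ACME new-order body; refuses to build it from unconverted names."""
    bad = raw_unicode_names(domains)
    if bad:
        raise ValueError("unconverted IDN names: %r" % bad)
    return json.dumps({"identifiers": [{"type": "dns", "value": d} for d in domains]})


def san_list(domains):
    """SAN string in the 'DNS:a,DNS:b' shape shown in the log."""
    return ",".join("DNS:" + d for d in domains)


if __name__ == "__main__":
    names = normalize_args(["⠠.ws", "*.⠠.ws"])  # the two -d values from the log
    print(new_order_payload(names))
    print(san_list(names))
```

Running `raw_unicode_names` over the half-converted SAN entries from the log (`⠠.ws` and `*.xn--3ji.ws`) flags the base domain, which is the mismatch the issue reports.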