using of IDN (punycode) Domains #37
Comments
|
I found, that the DomRobot API "nameserver.list" should allow a punicode input. "nameserver.createRecord" and "nameserver.info" already allow this. The result from nameserver list must also punicode if the input was punicode. Then the authentication against certbot should work and the DomRobot Api should keep stable. |
|
I asked the inwx support to fix the domrobot API function "nameserver.list". |
|
answer from inwx: vielen Dank für den Hinweis. Die Problematik ist bereits bei meinen Kollegen bekannt und wird vermutlich im Sprint des kommenden Jahres mit umgesetzt werden. |
|
Hi @aschulz01 , so, does the API function provide the domains using the unicode representation? If so, we could implement a workaround to convert the domain names for the respective interfaces. I do not have access to an IDN and I am uncertain whether I could fake one on INWX' OTE test system, unfortunately. |
|
Hi oGGy990, the answer from inwx is not specific. And these are the results of my investigation: In order to implement a workaround, the search input domain pattern of "nameserver list" would have to be transformed from idn to unicode and the domain name in the output list of the call would have to be transformed from unicode to idn. best regards |
|
Thanks for the translation, Andreas. But I'm german as well, so there's no need for it. ;-) I've implemented a simple workaround on the branch feature/idna-workaround. Is it possible for you to give this one a try? It requires the |
Hello, currently I try to create an certificate for multiple domains
sample: certbot certonly -v -a dns-inwx -d ".xn--bung-zra.de" -d "xn--bung-zra.de" -d ".uebung.de" -d "uebung.de" --agree-tos
(to cover the german umlaut-domains *.übung.de, übung.de, *.uebung.de, uebung.de)
the domainname in this issue is changed, the real domainname exists at inwx.de and the idn notation matches the field
"Domain ACE" inside the content of https://www.inwx.de/de/domain/info/"übung.de"
unfortunately this error occurred:
Starting new HTTPS connection (1): api.domrobot.com:443
https://api.domrobot.com:443 "POST /xmlrpc/ HTTP/1.1" 200 None
Testing xn--bung-zra.de for domain _acme-challenge.xn--bung-zra.de...
Resetting dropped connection: api.domrobot.com
https://api.domrobot.com:443 "POST /xmlrpc/ HTTP/1.1" 200 None
Testing _acme-challenge.xn--bung-zra.de for domain _acme-challenge.xn--bung-zra.de...
Resetting dropped connection: api.domrobot.com
https://api.domrobot.com:443 "POST /xmlrpc/ HTTP/1.1" 200 None
Encountered exception:
Traceback (most recent call last):
File "/snap/certbot-dns-inwx/current/lib/python3.12/site-packages/certbot_dns_inwx/_internal/dns_inwx.py", line 157, in add_txt_record
domain = self._find_domain(record_name)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot-dns-inwx/current/lib/python3.12/site-packages/certbot_dns_inwx/_internal/dns_inwx.py", line 234, in _find_domain
raise errors.PluginError(
certbot.errors.PluginError: Unable to determine base domain for _acme-challenge.xn--bung-zra.de using names: ['_acme-challenge.xn--bung-zra.de', 'xn--bung-zra.de']
If I try call certbot with the unicode domainnames (übung.de, ...) then certbot advised me to use the ace domain format (idn /punycode)
The text was updated successfully, but these errors were encountered: