I have a domain with non-ASCII characters (automüük.tld / xn--automk-7yaa.tld).
After I added a new domain with a similar name (automuuk.tld) to the server, I cannot renew the Let’s Encrypt cert for the non-ASCII domain anymore.
Right after the renewal process I see that the challenge fails, and in the error log I see:
“Hostname www.automuuk.tld provided via SNI and hostname www.xn--automk-7yaa.tld provided via HTTP are different”
Anyway, it is a non-production website, so I just removed and re-added the domain with non-ASCII letters, and after that I was able to renew SSL on both domains.
This might actually be an Apache bug - Virtualmin only uses the xn-- format hostnames in the Apache config and SSL cert request, so it would never consider automüük and automuuk to be the same. The xn-- format name is only converted to use the real Unicode characters when the domain is displayed in the UI.