SSL renewal fails on non-ascii domain after adding another domain with very similar name

I have a domain with non-ASCII characters (automüük.tld / xn--automk-7yaa.tld).

After I added a new domain with a similar name (automuuk.tld) to the server, I cannot renew the Let’s Encrypt cert for the non-ASCII domain anymore.

Right after the renewal process I see that the challenge fails, and in the error log I see:
“Hostname www.automuuk.tld provided via SNI and hostname www.xn--automk-7yaa.tld provided via HTTP are different”

Any ideas how I can solve this? Thanks.

Hi,

Thanks for the heads up.

@Jamie It looks like a clash bug, isn’t it?

Anyways, it is a non-production website, so I just removed and re-added the domain with non-ASCII letters, and after that I was able to renew SSL on both domains.

So for me it is solved. Thanks!

This might actually be an Apache bug - Virtualmin only uses the xn-- format hostnames in the Apache config and SSL cert request, so it would never consider automüük and automuuk to be the same. The xn-- format name is only converted to use the real unicode characters when the domain is displayed in the UI.
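Added example, not part of the thread and not Virtualmin's or Apache's code: a small check that converts every `ServerName`/`ServerAlias` to its xn-- form and reports names claimed by more than one `<VirtualHost>` block. The two config strings and the function names are constructed for illustration; `CLASH_CONF` is a deliberately broken variant, not the poster's actual configuration.

```python
import re
from collections import defaultdict

def to_alabel(host):
    """Normalize a hostname to the lowercase xn-- (A-label) form."""
    host = re.sub(r"^\w+://|:\d+$", "", host.strip()).rstrip(".")
    return host.encode("idna").decode("ascii").lower()

def vhost_names(conf_text):
    """Return one set of A-label names per <VirtualHost> block."""
    blocks = re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>",
                        conf_text, re.S | re.I)
    result = []
    for body in blocks:
        names = set()
        for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names.update(to_alabel(n) for n in m.group(1).split())
        result.append(names)
    return result

def find_clashes(conf_text):
    """Map each name claimed by several vhosts to the indexes of those vhosts."""
    owners = defaultdict(list)
    for idx, names in enumerate(vhost_names(conf_text)):
        for name in sorted(names):
            owners[name].append(idx)
    return {n: v for n, v in owners.items() if len(v) > 1}

# Constructed sample config: the two SSL vhosts as they should look.
CLEAN_CONF = """
<VirtualHost *:443>
    ServerName xn--automk-7yaa.tld
    ServerAlias www.xn--automk-7yaa.tld
</VirtualHost>
<VirtualHost *:443>
    ServerName automuuk.tld
    ServerAlias www.automuuk.tld
</VirtualHost>
"""
# Constructed misconfiguration: the IDN alias is also attached to the second vhost.
CLASH_CONF = CLEAN_CONF.replace(
    "www.automuuk.tld", "www.automuuk.tld www.xn--automk-7yaa.tld")

if __name__ == "__main__":
    print(to_alabel("www.automüük.tld"), "vs", to_alabel("www.automuuk.tld"))
    print("clean:", find_clashes(CLEAN_CONF))
    print("clash:", find_clashes(CLASH_CONF))
```

An empty result on the real config means no hostname is served by two vhosts, so the names are distinct as far as the configuration files go.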
