LetsEncrypt support for IDN domains

Author: Serghey Rodin

bin/v-add-letsencrypt-domain

@@ -26,6 +26,9 @@ source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 
+# Additional argument formatting
+format_domain_idn
+
 
 #----------------------------------------------------------#
 #                    Verifications                         #

bin/v-check-letsencrypt-domain

@@ -11,8 +11,7 @@
 
 # Argument definition
 user=$1
-domain=$(idn -t --quiet -u "$2" )
-domain=$(echo $domain | tr '[:upper:]' '[:lower:]')
+domain=$2
 
 # Includes
 source $VESTA/func/main.sh
@@ -23,6 +22,9 @@ encode_base64() {
     cat |base64 |tr '+/' '-_' |tr -d '\r\n='
 }
 
+# Additional argument formatting
+format_domain_idn
+
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -64,7 +66,7 @@ protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
 
 # Defining ACME query (request challenge)
 query='{"resource":"new-authz","identifier"'
-query=$query':{"type":"dns","value":"'"$domain"'"}}'
+query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
 payload=$(echo -n "$query" |encode_base64)
 signature=$(printf "%s" "$protected.$payload" |\
     openssl dgst -sha256 -binary -sign "$key" |encode_base64)

bin/v-generate-ssl-cert

@@ -54,6 +54,11 @@ shell_list_ssl() {
     echo -e "\nDirectory: $workdir"
 }
 
+# Additional argument formatting
+format_domain_idn
+if [[ "$email" = *[![:ascii:]]* ]]; then
+    email=$(idn -t --quiet -a $email)
+fi
 
 
 #----------------------------------------------------------#
@@ -69,15 +74,6 @@ is_format_valid 'domain_alias' 'format'
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [[ "$domain" = *[![:ascii:]]* ]]; then
-    domain_idn=$(idn -t --quiet -a $domain)
-else
-    domain_idn=$domain
-fi
-if [[ "$email" = *[![:ascii:]]* ]]; then
-    email=$(idn -t --quiet -a $email)
-fi
-
 # Create temporary work directory
 workdir=$(mktemp -d)
 cd $workdir
@@ -98,10 +94,12 @@ if [ -z "$aliases" ]; then
         -out $domain.csr #>/dev/null 2>&1
 else
     for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
+        if [[ "$alias" = *[![:ascii:]]* ]]; then
+            alias=$(idn -t --quiet -a $alias)
+        fi
         dns_aliases="${dns_aliases}DNS:$alias,"
     done
     dns_aliases=$(echo $dns_aliases |sed "s/,$//")
-
     if [ -e "/etc/ssl/openssl.cnf" ]; then
         ssl_conf='/etc/ssl/openssl.cnf'
     else
@@ -129,15 +127,15 @@ openssl x509 -req -sha256 \
 
 # Listing certificates
 if [ -e "$domain.crt" ]; then
-    crt=$(cat $domain.crt | sed ':a;N;$!ba;s/\n/\\n/g' )
+    crt=$(cat $domain.crt |sed ':a;N;$!ba;s/\n/\\n/g' )
 fi
 
 if [ -e "$domain.key" ]; then
-    key=$(cat $domain.key | sed ':a;N;$!ba;s/\n/\\n/g' )
+    key=$(cat $domain.key |sed ':a;N;$!ba;s/\n/\\n/g' )
 fi
 
 if [ -e "$domain.csr" ]; then
-    csr=$(cat $domain.csr | sed ':a;N;$!ba;s/\n/\\n/g' )
+    csr=$(cat $domain.csr |sed ':a;N;$!ba;s/\n/\\n/g' )
 fi
 
 case $format in

bin/v-sign-letsencrypt-csr

@@ -11,8 +11,7 @@
 
 # Argument definition
 user=$1
-domain=$(idn -t --quiet -u "$2" )
-domain=$(echo $domain | tr '[:upper:]' '[:lower:]')
+domain=$2
 csr="$3/$domain.csr"
 format=$4
 
@@ -53,7 +52,6 @@ fi
 
 source $USER_DATA/ssl/le.conf
 api='https://acme-v01.api.letsencrypt.org'
-r_domain=$(echo "$check_domain" |cut -f 2 -d \')
 key="$USER_DATA/ssl/user.key"
 exponent="$EXPONENT"
 modulus="$MODULUS"