https://🔒🔒🔒.scotthelme.co.uk

The www subdomain is so overrated I decided it was time for a change. What else could be better than 3 padlocks for my new subdomain?!


Yes, it really works!

You can try out the new subdomain and link to it just like you would any other. Here is the link:


https://🔒🔒🔒.scotthelme.co.uk



Whilst this is clearly a bit of fun and I don't intend to use it as my main domain, there is a genuine reason why this is really good, beyond all the fun I'm going to have with it.


Let's Encrypt add IDN support 🎉

The Let's Encrypt CA, which issues free certificates to anyone that wants them, recently added support for Internationalised Domain Names. This means you can now get certificates for domain names that use characters other than those found in the ASCII character set.


How do I get one? 🤔

With certs from Let's Encrypt being free, it's easy to play around and add some new subdomains. The following steps are all I followed to set up my new subdomain, which took around 3-4 minutes.


Choose a new subdomain

The first step is to decide what you want to use for your new subdomain. I simply went for 🔒🔒🔒. Take your emojis and head to https://www.punycoder.com/ where you need to paste them into the 'Text' field and hit 'Convert to Punycode'. This gives me the Punycode xn--lv8haa. Punycode is just a way of representing Unicode characters in ASCII, which is all the DNS supports.


Add the subdomain to DNS 💪

I use Cloudflare as my DNS provider and all I needed to do was add the new subdomain. If you use wildcard resolution you won't need to do this step.

[Image: my new Cloudflare DNS entries]


Get a certificate including the new subdomain 📜

This will vary depending on how you obtain your certs from LE, but my method is detailed here in my blog on Getting Started with Let's Encrypt. All I needed to do was add the subdomain to the SAN and request a new cert.

nano openssl.cnf
...
[ alt_names ]
DNS.1 = scotthelme.co.uk
DNS.2 = www.scotthelme.co.uk
DNS.3 = xn--lv8haa.scotthelme.co.uk # <-- Add this line



Once the subdomain was added to the OpenSSL config file, I recreated my CSR.

openssl req -new -key private.key -out scotthelme.csr -config openssl.cnf -sha256



Once the new CSR was created I simply had to run my script that requests a certificate for me.

./renew.sh



Again, depending on your setup, you may need to alter your webserver config too. My new subdomain is present in the SAN that falls under my default_server in my Nginx config so no changes were needed to get it up and running. You may need to add the new subdomain to your server_name directive.

server_name www.scotthelme.co.uk scotthelme.co.uk xn--lv8haa.scotthelme.co.uk;
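
The conversion and config steps above can also be done locally rather than by pasting into a web converter. The following is an added example, not code from the original post: the function names are hypothetical, and it assumes labels are already lower-case and normalised, applying only the raw Punycode transform from Python's built-in codec.

```python
# Added example (not from the original post). Function names are hypothetical.
# Assumption: labels are already lower-case and normalised; only the raw
# RFC 3492 Punycode transform is applied, not full IDNA mapping/validation.

MAX_SAN = 100    # SAN entries per certificate, as stated in the post
MAX_LABEL = 63   # DNS limit on the length of one label


def to_a_label(label: str) -> str:
    """Return the ASCII form of one DNS label (xn-- prefix if non-ASCII)."""
    if label.isascii():
        out = label.lower()
    else:
        out = "xn--" + label.encode("punycode").decode("ascii")
    if len(out) > MAX_LABEL:
        raise ValueError(f"label exceeds {MAX_LABEL} characters: {out}")
    return out


def to_ascii_host(host: str) -> str:
    return ".".join(to_a_label(part) for part in host.split("."))


def to_unicode_host(host: str) -> str:
    """Decode xn-- labels to show what a SAN entry displays as."""
    parts = []
    for part in host.lower().split("."):
        if part.startswith("xn--"):
            part = part[4:].encode("ascii").decode("punycode")
        parts.append(part)
    return ".".join(parts)


def alt_names(hosts):
    """Lines for the [ alt_names ] section of openssl.cnf."""
    if len(hosts) > MAX_SAN:
        raise ValueError(f"more than {MAX_SAN} names requested")
    return [f"DNS.{i} = {to_ascii_host(h)}" for i, h in enumerate(hosts, 1)]


def server_name(hosts):
    return "server_name " + " ".join(to_ascii_host(h) for h in hosts) + ";"


if __name__ == "__main__":
    padlocks = "\U0001F512" * 3  # the three-padlock label from the post
    hosts = ["scotthelme.co.uk", "www.scotthelme.co.uk", padlocks + ".scotthelme.co.uk"]
    print("\n".join(alt_names(hosts)))
    print(server_name(hosts))
```

to_unicode_host goes the other way, which is useful when reviewing the SAN list of an issued certificate and wanting to see what an xn-- entry renders as.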


Have fun

But remember, there are rate limits when using Let's Encrypt of 20 certificates per week for your domain. However, you can put as many new, cool subdomains as you want in the SAN (up to the 100 max) without worrying about the impact on your rate limit. If you do create an emoji subdomain then drop me a comment below and share it, let's see what we can come up with! 🙂



Thanks to April King for the idea to do this.

About Scott
Researcher, blogger and international speaker. I'm the creator of report-uri.io and securityheaders.io, free tools to help improve online security.