My main pain points were these:

1. Browsers tend to convert the unicode representations to ASCII Compatible Encoding (ACE) with punycode representations for security reasons when copying the url.
   So you will get a nice surprise when pasting the url somewhere:

F.e. having https://hürth-blüht.de/ in the browsers address bar will get you https://xn--hrth-blht-q9ag.de/ on copy/paste.
This punycode representation is very unfamiliar to normal users and will keep them from clicking the url because it looks suspicious.

The security issue the browsers have is a so called homograph attacks:
Attackers use similar looking chars for f.e. phishing domains.

For example, the Latin “a” looks a lot like the Cyrillic “а”, so someone could register http://ebаy.com (using Cyrillic “а”)

From: https://chromium.googlesource.com/chromium/src/+/master/docs/idn.md
There are also more detailed technical informations on how browsers mitigate those attacks.

2. Umlaut domains will not work in ssh since DNS does not support unicodes.
   Ssh will require the punycode domain.
   The error message is not very helpful on first sight.
   F.e. ssh user@hürth.de will say:
   Could not resolve hostname h\303\274rth.de: Name or service not known
   So use the punycode instead: ssh user@xn--hrth.de
   
   
3. Htaccess Apache Redirects also need punycode
   Also on Apache redirects in the .htaccess you will need to use the punycode urls:

RewriteCond %{HTTP_HOST} ^xn--mehr-grn-d6a.de$ [OR]
RewriteCond %{HTTP_HOST} ^www.xn--mehr-grn-d6a.de$
RewriteRule (.*)$ https://www.mehr-gruen.de/$1 [R=301,L]

A good Article (in german language though) thats describes even more problems like emails, missing legacy system support, SEO or requiring a specific keyboard layout is this:
https://www.checkdomain.de/blog/domains-hosting/umlautdomains-clevere-alternative-oder-ein-problem/