Hi,
The ipv6 addresses returned from a dns query for “acme-v01.api.letsencrypt.org” don’t have anything listening on port 443:
# host acme-v01.api.letsencrypt.org
acme-v01.api.letsencrypt.org is an alias for api.letsencrypt.org.edgekey.net.
api.letsencrypt.org.edgekey.net is an alias for e981.dscb.akamaiedge.net.
e981.dscb.akamaiedge.net has address 23.74.99.176
e981.dscb.akamaiedge.net has IPv6 address 2a02:26f0:c8:287::3d5
e981.dscb.akamaiedge.net has IPv6 address 2a02:26f0:c8:286::3d5
# ping6 -c 2 2a02:26f0:c8:287::3d5
PING 2a02:26f0:c8:287::3d5(2a02:26f0:c8:287::3d5) 56 data bytes
64 bytes from 2a02:26f0:c8:287::3d5: icmp_seq=1 ttl=57 time=27.3 ms
64 bytes from 2a02:26f0:c8:287::3d5: icmp_seq=2 ttl=57 time=28.2 ms
--- 2a02:26f0:c8:287::3d5 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 27.367/27.784/28.202/0.449 ms
# ping6 -c 2 2a02:26f0:c8:286::3d5
PING 2a02:26f0:c8:286::3d5(2a02:26f0:c8:286::3d5) 56 data bytes
64 bytes from 2a02:26f0:c8:286::3d5: icmp_seq=1 ttl=57 time=23.0 ms
64 bytes from 2a02:26f0:c8:286::3d5: icmp_seq=2 ttl=57 time=23.2 ms
--- 2a02:26f0:c8:286::3d5 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 23.031/23.134/23.237/0.103 ms
but if i try https:
curl -v https://acme-v01.api.letsencrypt.org:443/directory
* About to connect() to acme-v01.api.letsencrypt.org port 443 (#0)
* Trying 2a02:26f0:c8:286::3d5...
* Connection timed out
* Trying 2a02:26f0:c8:287::3d5...
* Connection timed out
* Trying 23.74.99.176...
* connected
* Connected to acme-v01.api.letsencrypt.org (23.74.99.176) port 443 (#0)
It takes about 2 mins to timeout and fall back to v4.