Check all IP addresses of your servers - "IPv6 preference" troubleshooting

I suppose most of you who had problems with certificate renewals after LE changed the protocol preference for authorizations from IPv4 to IPv6 have already found out and fixed the problem.

Still, it may be worth checking there is no network problem on any of the IP addresses your servers have in their DNS records. The use cases include:

  1. switch to Let’s Encrypt from other certificate providers;
  2. prevent random errors if clients pick an incorrectly set up IP address;
  3. network configuration checks; or
  4. general troubleshooting.

To do that, please use spot checks at https://keychest.net to make use of this new feature.

No login or registration needed for spot checks. We will add ongoing monitoring for registered users in the next upgrade.
keychest_multipleIPaddressChecking_muniDetail

3 Likes

Offtopic: I’m not sure if the warning message in the red box is correct. It’s perfectly possible to renew your certificate through port 80 with the http-01 or dns-01 method. No TLS required at all.

We wanted to make it simple as possible - including the phrase “may not” showing uncertainty. The text also includes a link to details in the community here.

But happy to improve and open to suggestions as the goal is to help those who need it!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.