Check all IP addresses of your servers - "IPv6 preference" troubleshooting

DanCvrcek · August 25, 2017, 6:36pm

I suppose most of you who had problems with certificate renewals after LE changed the protocol preference for authorizations from IPv4 to IPv6 have already found out and fixed the problem.

Still, it may be worth checking there is no network problem on any of the IP addresses your servers have in their DNS records. The use cases include:

switch to Let’s Encrypt from other certificate providers;
prevent random errors if clients pick an incorrectly set up IP address;
network configuration checks; or
general troubleshooting.

To do that, please use spot checks at https://keychest.net to make use of this new feature.

No login or registration needed for spot checks. We will add ongoing monitoring for registered users in the next upgrade.
keychest_multipleIPaddressChecking_muniDetail

Osiris · August 26, 2017, 2:21pm

Offtopic: I’m not sure if the warning message in the red box is correct. It’s perfectly possible to renew your certificate through port 80 with the http-01 or dns-01 method. No TLS required at all.

DanCvrcek · August 26, 2017, 4:02pm

We wanted to make it simple as possible - including the phrase “may not” showing uncertainty. The text also includes a link to details in the community here.

But happy to improve and open to suggestions as the goal is to help those who need it!

system · September 25, 2017, 4:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Renewal Problems Help	4	2390	May 24, 2019
Moving certs from one server to another Server	3	5750	April 9, 2017
Err_ssl_protocol_error Help	2	974	November 5, 2021
Renewal redirect help Help	6	1602	April 2, 2020
A common cannot renew my certificate Server	18	1207	January 20, 2019

Check all IP addresses of your servers - "IPv6 preference" troubleshooting

Related topics