Hi guys,
Over the last month letsencrypt client takes almost one hour to create a new certificate (I think I have the same behavior for renewal).
I run this command on my server : ./letsencypt-auto certonly --agree-tos --standalone -d summer-beach-party.fr
With the debug flag I noticed that time is spent at these points : “Starting new HTTPS conenction”.
My server is hosted at online.net. It is configured to run over ipv4 and ipv6.
If you need more information I can provide them.
Thanks
Here is my letsencrypt.log : https://gist.github.com/kevinleturc/9ae66295a364350f9c11
I’ve seen similar behaviour in the past (not specifically with letsencrypt) with servers that had IPv6 configured but not properly working, i.e. traffic being blocked by a firewall, etc. Maybe the client waits for a timeout and then falls back to IPv4. Can you confirm that something like
wget -6 https://google.com/
is working?
Hi,
Indeed I can’t establish a connection with google.com over IPv6. I though it worked cause I can ping my server over IPv6 from extern.
I just run again the client, and it’s really fast now. Thanks a lot for your help.
@jsha, is it possible to add a WARN message to prevent this kind of issues ?
Again, thanks a lot guys.
Possibly! I’d suggest filing an issue at https://github.com/letsencrypt/letsencrypt/. It probably doesn’t make sense to try and specifically detect IPv6 issues in the client, but there should probably be a timeout when making connections to the ACME server. The error message for those timeouts could suggest something like “please check the connectivity from your server to the outside Internet.”