Enable IPv6 and HTTP/2

I’ve got a few servers with Ubuntu/Nginx where I have set up Let’s Encrypt on IPv4 and they are working perfectly. I’d like to enable IPv6 and eventually HTTP/2.

My question is:

Is there anything I need to do to enable IPv6 on those hosts (save for the Nginx configuration) for Let’s Encrypt to work?

In enabling HTTP/2, will I need to change anything in Let’s Encrypt?

TIA

1 Like

Hi @evit

If you have a working IPv6 configuration, Let’s Encrypt will use it. If your IPv6 is broken (AAAA record, but no / different answer checking http + /.well-known/acme-challenge/random-filename), that blocks creating a new certificate.

As far as I know, the Let’s Encrypt validator currently doesn’t support HTTP/2. But that’s not a problem, HTTP 1.1 is used. More important: TLS 1.2 is required, the validator doesn’t use TLS 1.3.

1 Like

Let’s Encrypt will work as long as you configured the address correctly. What you’ll need to do is:

  1. Add IPv6 to your server
  2. Configure Nginx to listen on IPv6
  3. Make sure the IPv6 address is public and accessible (working)

After those, your renewals should have no trouble.

Honestly if you want to enable HTTP/2 in Nginx, you just need to add a line to each virtual host… There’s minimum impact, and absolutely no impact to Let’s Encrypt if you do that right.

1 Like
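The check the two replies above describe (every A and AAAA address has to give the same answer under /.well-known/acme-challenge/), as an added example that is not part of the original thread. The host name, file name and token are assumptions: the test file is one you place in the webroot by hand before running it.

```python
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def resolve(host, family):
    """Return the sorted unique addresses of one family (AF_INET or AF_INET6)."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fetch(addr, host, path, timeout=5):
    """GET path from one specific address over plain HTTP, with the site's Host header."""
    conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(4096)
    except OSError as exc:
        return None, str(exc).encode()
    finally:
        conn.close()

def check(host, filename, expected, resolve=resolve, fetch=fetch):
    """Request the test file from every A and AAAA address; list the ones that fail."""
    path = CHALLENGE_PREFIX + filename
    problems = []
    for family, label in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        for addr in resolve(host, family):
            status, body = fetch(addr, host, path)
            if status is None:
                problems.append(f"{label} {addr}: unreachable ({body.decode()})")
            elif status != 200 or body.strip() != expected:
                # Redirects are not followed here, so a 301 to HTTPS is reported too.
                problems.append(f"{label} {addr}: HTTP {status}, unexpected answer")
    return problems

if __name__ == "__main__":
    # Usage (all three values are yours): check.py example.com preflight.txt token-123
    host, filename, token = sys.argv[1:4]
    found = check(host, filename, token.encode())
    print("\n".join(found) or "all addresses returned the expected file")
    sys.exit(1 if found else 0)
```

An AAAA record that points at a host answering with a 404 or a different vhost shows up as a failing `AAAA` line while the `A` line passes.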

Hi, Thanks for your help so far. =) I got it running on one of my test servers but I still have one question. I see my settings listed as:

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot

Can I edit these or will Certbot remove HTTP/2 if I add it? If not, where should I add it?

TIA

1 Like

You can definitely edit those lines (and I would suggest you remove the ipv6only=on). Believe me, certbot won’t angrily scream at you :grin:

Just make sure the configuration is working (by doing nginx -t before you reload / restart).

Thanks

1 Like

That is working now but Nginx is giving an HTTP 404 on the IPv6 site. =(

1 Like

Can you provide an Nginx host file (with nginx -T)? Make sure you’ve bound your website to that domain.

1 Like
