I’ve got a few server with Ubuntu/Nginx where I have setup Let’s Encrypt on IPV4 on and they are working perfectly. I’d like to enable IPV6 and eventually HTTP/2.
My question is:
Is there anything I need to do to enable IPV6 on those hosts (save for the Nginx configuration) for Let’s encrypt to work?
In enabling HTTP/2 will I need to change anything in Let’s encrypt?
TIA
Hi @evit
if you have a working ipv6 configuration, Letsencrypt will use it. If your ipv6 is broken (AAAA record, but no / different answer checking http + /.well-known/acme-challenge/random-filename), that blocks creating a new certificate.
As I know, the Letsencrypt validator currently doesn't support http/2. But that's not a problem, http 1.1 is used. More important: Tls.1.2 is required, the validator doesn't use Tls.1.3.
Let's Encrypt will work as long as you configured the address correctly. What you'll need to do is:
After those your renewals should have no trouble.
Honestly if you want to enable HTTP/2 in Nginx, you just need to add a line to each virtual host... There's minimum impact, and absolutely no impact to Let's Encrypt if you do that right.
Hi, Thanks for your help so far. =) I got it running on one of my test servers but I still have one question. I see my settings listed as:
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
Can I edit these or will Certbot remove HTTP/2 if I add it? If not, where should I add it?
TIA
You can definitely edit those lines (and I would suggest you to remove the IPV6 only=on). Believe me, certbot won't angrily scream at you 
Just make sure the configuration is working (by doing nginx -t before you reload / restart)
Thanks
That is working now but Nginx is giving on a HTTP 404 on the IPV6 site. =(
Can you provide a Nginx host file (with nginx -T)? Make sure you’ve bind your website to that domain.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.