I think you misunderstand what I was asking, otherwise you wouldn't insist that a lack of AAAA records is a problem. Certbot has been updated to perform domain validation over IPv6. This caused a problem for me just now when I went to update a certificate. Searching the problem on the internet led me to this thread initially: Type: unauthorized Detail: Invalid response from - #2 by schoen - which detailed an error very similar to my own initial error. In the thread, someone posted this:
Let’s Encrypt recently changed to preferring validations over IPv6 if a site has an AAAA record. Many people’s sites, it turns out, do have AAAA records but are not properly set up to receive incoming web connections via IPv6.
I then did a little more digging, and found this thread: Certbot, force IPv4?, and I followed your very own advice here.
You can
- remove the ipv6 entry
- add a redirect ipv6 domain -> other domain (or new subdomain) only with ipv4 on your ipv4 config and use that. Letsencrypt follows such redirects (port 80 or 443)
After that, I went and did some more digging to find this: https://www.cyberciti.biz/faq/nginx-ipv6-configuration/
There I noticed that my Nginx server blocks were almost correct. My HTTPS blocks were set up for IPv6, but my HTTP blocks were not. So I updated them to include the listen [::]:80 directive. That still didn't work even though the netstat command shows that nginx is indeed listening for incoming IPv6 traffic on both HTTP ports.
As for your request for my IPv6 address, here you go: 2600:3c02::f03c:92ff:fe78:2587/64
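Added example, not part of the original post: a small Python check for the gap described above, where a server block listens on a port over IPv4 but has no matching `[::]` listener. The sample configuration, the `example.com` name and the function names are constructed for illustration; the parsing covers common `listen` forms only.

```python
import re

# Constructed sample: HTTPS block has an IPv6 listener, HTTP block does not.
SAMPLE_CONF = """
server {
    listen 80;
    server_name example.com;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block (brace matching)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def parse_listen(arg):
    """Return (family, port) for a listen address; None for unix sockets."""
    if arg.startswith("unix:"):
        return None
    if arg.startswith("["):  # [::]:80 or bare [::] (port defaults to 80)
        return ("ipv6", int(arg.partition("]")[2].lstrip(":") or 80))
    if arg.isdigit():  # bare port such as `listen 80;` is the IPv4 wildcard
        return ("ipv4", int(arg))
    _, sep, port = arg.rpartition(":")
    return ("ipv4", int(port) if sep else 80)

def missing_ipv6(conf):
    """Return [(server_name, port)] for ports bound on IPv4 but not IPv6."""
    gaps = []
    for body in server_blocks(conf):
        name = re.search(r"\bserver_name\s+([^;\s]+)", body)
        seen = {"ipv4": set(), "ipv6": set()}
        for m in re.finditer(r"\blisten\s+([^;\s]+)", body):
            if parsed := parse_listen(m.group(1)):
                seen[parsed[0]].add(parsed[1])
        for port in sorted(seen["ipv4"] - seen["ipv6"]):
            gaps.append((name.group(1) if name else "(unnamed)", port))
    return gaps

if __name__ == "__main__":
    print(missing_ipv6(SAMPLE_CONF))
```

This only inspects the configuration text; it says nothing about whether IPv6 traffic actually reaches the listener.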