Ipv6 acme endpoints not responsive

Since some time over the weekend I’ve been seeing most requests to the staging directory hanging fairly frequently. While debugging, I noticed that I’d see curl hang on https://acme-staging.api.letsencrypt.org/directory after connecting, and it was connecting to an ipv6 address. When I forced curl to ipv4, it seemed to start working right away.

The nature of the issue has been intermittent but as soon as I disabled ipv6 on my system, I’ve had no issues. What other data can I provide to assist in debugging?

Thanks

Perhaps record a

curl -6 -vvv --connect-timeout 10 -H "Pragma: akamai-x-cache-on, akamai-x-get-cache-key, akamai-x-get-true-cache-key, akamai-x-get-request-id" https://acme-staging.api.letsencrypt.org/directory

and traceroute6 / tcptraceroute -6 to the ACME server when you notice it has become inaccessible and post it here.

Maybe check at the same time that you can access e.g. ipv6.google.com from the server as well.

Some IPv6 ISPs are super flaky …

3 Likes

It is request-to-request intermittent. I’m just looking at an mtr and I’ve got huge % losses crossing through some chunk of my ISP’s IPv6 core. I haven’t noticed any other issues but I’m guessing chrome is much better about hiding this than curl/python/etc. Its strange - I always got an SSL handshake completion, so I wasn’t looking for network issues initially.

Anyway, I’ll go bother TW. Thanks.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.