I must confess that I am more or less a passive member of this community in that I mostly read the posts on this forum and write seldom.
This will be a kind of rant, discussion starter type of post as I am noticing more and more people have problems with certification issuance, be it new or renewals, when they have a misconfigured server.
YES, misconfigured server and/or firewall.
Yes, I know that IPv6 is the new thing that ISPs are pushing towards customers which is great, about time I say, but the thing is that the users are mostly not educated enough about IPv6 connectivity, how it is different from IPv4 and what caveats it brings with its implementation.
1st. IPv4 NAT is not security in the sense of a firewall, it’s a false sense of security.
2nd. IPv6 is natively meant to run without NAT due to the abundance of IPs available and therefore requires a correctly installed and configured firewall, as each device that is connected to the internet via IPv6 has a PUBLIC IP address which is normally globally routable, i.e. each user on the internet can directly access your device if the IP is known and the firewall permits it - no port forwarding necessary as with IPv4 and NAT configuration.
So, to all users who have IPv6 enabled: please double check and make sure that you have a firewall correctly installed and configured, otherwise it is best to disable IPv6 until you do so. Doing so will ensure that your certificate from Let’s Encrypt will be issued without problems and also you will be more secure on the internet while using IPv6 (or not).
I apologize for this kind-of-rant post, but I really hate to see people blame LE for issues regarding certificate issuance where they have misconfigured IPv6.
LE and the community, keep up the good work, I love it!
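
An added example, not part of the original post: a Python check for the misconfiguration described above, where a host name publishes an IPv6 address but the web server only answers over IPv4. The port (80), the function names and the verdict labels are assumptions of this example.

```python
import socket
import sys

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

def resolve(host, port):
    """Addresses the name publishes, per family (A -> IPv4, AAAA -> IPv6)."""
    found = {}
    for label, family in FAMILIES.items():
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            infos = []
        found[label] = sorted({info[4][0] for info in infos})
    return found

def probe(addr, family, port, timeout=5.0):
    """True if a TCP handshake to addr:port completes over this family."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:
        return False

def diagnose(results):
    """results: {"IPv4": {addr: reachable}, "IPv6": {addr: reachable}}."""
    v4, v6 = results.get("IPv4", {}), results.get("IPv6", {})
    if not v4 and not v6:
        return "no-addresses"
    if not v6:
        return "ipv4-only" if all(v4.values()) else "ipv4-unreachable"
    if all(v6.values()):
        return "ok" if all(v4.values()) else "ipv4-unreachable"
    # At least one published IPv6 address does not answer.
    return "ipv6-broken-ipv4-ok" if v4 and all(v4.values()) else "ipv6-unreachable"

def check(host, port=80):
    """Resolve host, probe every published address, return (results, verdict)."""
    results = {}
    for label, addrs in resolve(host, port).items():
        results[label] = {a: probe(a, FAMILIES[label], port) for a in addrs}
    return results, diagnose(results)

if __name__ == "__main__":
    results, verdict = check(sys.argv[1])
    for label, addrs in results.items():
        for addr, ok in addrs.items():
            print(f"{label} {addr}: {'reachable' if ok else 'NOT reachable'}")
    print("verdict:", verdict)
```

Run it with your own host name as the only argument, from a machine outside your network that has working IPv6, since a probe from inside the LAN may not pass through the same firewall.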