IPv6 does not work

It seems that the IPv6 API endpoint does not work. Can anyone confirm that? I am trying from multiple machines. Everywhere the result is the same:

wojtas@w0jtas-HOME:~$ ping6 -c5 acme-v02.api.letsencrypt.org
PING acme-v02.api.letsencrypt.org(2606:4700:60:0:f53d:5624:85c7:3a2c) 56 data bytes
64 bytes from 2606:4700:60:0:f53d:5624:85c7:3a2c: icmp_seq=1 ttl=62 time=7.77 ms
64 bytes from 2606:4700:60:0:f53d:5624:85c7:3a2c: icmp_seq=2 ttl=62 time=7.80 ms
64 bytes from 2606:4700:60:0:f53d:5624:85c7:3a2c: icmp_seq=3 ttl=62 time=7.85 ms
64 bytes from 2606:4700:60:0:f53d:5624:85c7:3a2c: icmp_seq=4 ttl=62 time=7.75 ms
^C
--- acme-v02.api.letsencrypt.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 7.754/7.797/7.859/0.039 ms

MTR: Also looks great.

CURL:
wojtas@w0jtas-HOME:~$ curl -6 https://acme-v02.api.letsencrypt.org/
curl: (35) gnutls_handshake() failed: Error in the pull function.

I'll be glad for any help...

Best regards,
w0jtas


Hi @w0jtas, and welcome to the LE community forum :slight_smile:

Can you curl -6 to other sites?
curl -6 https://google.com/

Which version of curl and GnuTLS are you using?


Hi @rg305, thanks for the fast answer and nice to meet you too :wink:

So yes. Other sites are working.

wojtas@w0jtas-HOME:~$ curl -6 https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

or

wojtas@w0jtas-HOME:~$ curl -6 https://www.youtube.com
<!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial .....

curl version is:

wojtas@w0jtas-HOME:~$ curl --version
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

But of course I've started to check curl because certbot simply throws a lot of exceptions:

root@web2:/home/wojtas# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/finemedia.pl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (finemedia.pl) from /etc/letsencrypt/renewal/finemedia.pl.conf produced an unexpected error: ("bad handshake: SysCallError(104, 'ECONNRESET')",). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/joannastefanowicz.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Attempting to renew cert (joannastefanowicz.com) from /etc/letsencrypt/renewal/joannastefanowicz.com.conf produced an unexpected error: ('Connection aborted.', OSError("(104, 'ECONNRESET')",)). Skipping.

And so on....

Curl used with "-4" option for letsencrypt api works great...

Best regards,
w0jtas


Solved here. Not an LE problem. Network layer problem. IPv6 communication to some servers (Letsencrypt included) was routed with multipathing enabled, with some seriously faulty hashing of IPv6 streams.

Therefore, the communication stream had packets in completely fuc*** order, which caused all the issues.

SOLVED. Resolution described here to feed google for others.

The routers causing this: Ericsson Redback SE600 and Ericsson Redback SE1200. Disabling multipathing in BGP is the solution I've used. The documentation mentions that IPv6 is not supported in layer-4 load balancing, but I supposed it would use layer 3, which would still be OK for everything to work. This is not the case. Sry ;(

Best regards,
w0jtas

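The diagnostic pattern used in this thread (ping and TCP fine, TLS handshake dies over IPv6 only, works with `-4`) can be automated. The script below is an added example, not code from the thread, from Let's Encrypt, certbot or curl: it attempts a TLS handshake to a host over each address family separately, records the phase in which a failure happened (resolve, connect or handshake) and labels the outcome the way a network engineer would read it. The status labels and the `diagnose` heuristic are this example's own assumptions; the default target hostname is the one from the thread.

```python
"""Compare TLS reachability over IPv4 and IPv6 and say where it fails.

Added example for this thread (not a Let's Encrypt, certbot or curl tool).
TCP connects but the TLS handshake resets or times out over one family only,
while the other family completes, points at the network path (ECMP hashing,
PMTU blackholes, middleboxes) rather than at the server.
"""
import errno
import socket
import ssl
import sys
import time

FAMILIES = {"ipv4": socket.AF_INET, "ipv6": socket.AF_INET6}
HANDSHAKE_FAILURES = ("reset", "timeout", "tls_error")


def classify_error(exc: BaseException) -> str:
    """Map a connect/handshake exception to a coarse label (assumed labels).
    Order matters: reset/refused are checked before the generic cases."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionResetError) or getattr(exc, "errno", None) == errno.ECONNRESET:
        return "reset"          # what certbot showed as SysCallError(104, 'ECONNRESET')
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, socket.gaierror):
        return "resolve_error"  # no address of that family, or resolver failure
    if isinstance(exc, ssl.SSLError):
        return "tls_error"      # handshake-level failure reported by the TLS library
    return "error"


def probe_tls(host: str, port: int, family: str, timeout: float = 5.0) -> dict:
    """Resolve host for one family, TCP-connect, then run a TLS handshake.
    The returned dict keeps the phase at which the attempt stopped."""
    af = FAMILIES[family]
    started = time.monotonic()
    result = {"family": family, "address": None, "phase": "resolve", "status": "ok"}
    try:
        infos = socket.getaddrinfo(host, port, af, socket.SOCK_STREAM)
        addr = infos[0][4]
        result["address"] = addr[0]
        result["phase"] = "connect"
        with socket.socket(af, socket.SOCK_STREAM) as raw:
            raw.settimeout(timeout)
            raw.connect(addr)
            result["phase"] = "handshake"
            ctx = ssl.create_default_context()
            # wrap_socket on an already-connected socket performs the handshake now
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result["phase"] = "done"
                result["tls_version"] = tls.version()
    except Exception as exc:
        result["status"] = classify_error(exc)
        result["detail"] = str(exc)
    result["elapsed"] = round(time.monotonic() - started, 3)
    return result


def diagnose(v4: dict, v6: dict) -> str:
    """Heuristic verdict from the two probes (assumed label set)."""
    if v4["status"] == "ok" and v6["status"] == "ok":
        return "ok"
    if v6["status"] == "resolve_error":
        return "ipv6_unavailable"   # no AAAA record, or no IPv6 on this host
    for good, bad, label in ((v4, v6, "ipv6_path_suspect"), (v6, v4, "ipv4_path_suspect")):
        # the server speaks TLS on one family, so a mid-handshake death on the
        # other family is a path problem (reordering, MTU, middlebox), not the server
        if good["status"] == "ok" and bad["phase"] == "handshake" and bad["status"] in HANDSHAKE_FAILURES:
            return label
    if v4["status"] == "ok" and v6["status"] == "refused":
        return "server_or_port"     # actively refused: service-side, not the path
    return "inconclusive"


def compare_families(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    v4 = probe_tls(host, port, "ipv4", timeout)
    v6 = probe_tls(host, port, "ipv6", timeout)
    return {"ipv4": v4, "ipv6": v6, "verdict": diagnose(v4, v6)}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "acme-v02.api.letsencrypt.org"
    out = compare_families(target)
    for fam in ("ipv4", "ipv6"):
        r = out[fam]
        print(f"{fam}: {r['address']} phase={r['phase']} status={r['status']} "
              f"{r['elapsed']}s {r.get('detail', '')}")
    print("verdict:", out["verdict"])
```

Run it with a hostname argument (or none to probe the ACME endpoint from the thread). A verdict of `ipv6_path_suspect` is the signature seen here: IPv6 TCP reaches the server, the handshake then resets or hangs, and IPv4 completes; that is the point at which to look at the IPv6 route (ECMP hashing, PMTU) rather than at the ACME service.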
