The client is getssl and it is working perfectly fine for those hosts with both A and AAAA records. For the domain above, it persistently reports the verification request as “pending”. More importantly, the only requests I see in the server log is from my local machine when getssl verifies that the challenge is present. There is no sign of any requests from 3rd party origins.
Could someone please check the logs on the ACME side for why no requests for the challenge are being created?
If the authorization is stuck in a pending state, it suggests that the client is not submitting the challenge for validation at all. Otherwise, it would be in a “valid” or “invalid” state. Perhaps the client itself is having issues with IPv6-only hosts. Either way, it’s unlikely that the ACME server logs would reveal any of that.
Running the client in debug mode with -d might reveal where it’s stuck. Make sure you’re also using a client version >= 1.31; that release fixed an issue caused by Let’s Encrypt starting to re-use existing authorizations which would manifest as a challenge stuck in a pending state.