IPv6 renewal fails

I have a certificate that I created that includes an IPv6 hostname. The renewal fails saying it could not connect to the IPv6 address for verification. I’ve tested the IPv6 hostname connectivity using ssllabs.com so I know the server is responding. Is this an issue on the letsencrypt.org end?

Please fill out the fields below so we can help you better.

My domain is: soft1-v6.discoverypatterns.com

I ran this command: ./certbot-auto renew

It produced this output: Attempting to renew cert from /etc/letsencrypt/renewal/soft1.discoverypatterns.com.conf produced an unexpected error: Failed authorization procedure. soft1-v6.discoverypatterns.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to [2607:f0d0:1b02:33::4]:443 for tls-sni-01 challenge. Skipping.

My operating system is (include version): centos6.9

My web server is (include version): 2.2.15

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi @solarfarmer,

This is the second report of outbound IPv6 validations failing I’ve seen this morning (here’s the other). I’m going to escalate with our operations team. Thanks for reporting.

1 Like

Thanks. BTW, I verified I have IPv6 connectivity inbound to LetsEncrypt:

% ping6 acme-v01.api.letsencrypt.org
PING acme-v01.api.letsencrypt.org(2600:1404:a:391::3d5) 56 data bytes
64 bytes from 2600:1404:a:391::3d5: icmp_seq=1 ttl=58 time=34.1 ms
64 bytes from 2600:1404:a:391::3d5: icmp_seq=2 ttl=58 time=34.1 ms

Great thanks. I suspect this is entirely on the outbound leg between our validation server and your host.

The problem should be fixed now. Thanks again for reporting. Please let me know if you’re still having difficulties with IPv6 only authorizations.

1 Like

Confirmed Fixed! Thanks for the quick turnaround.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.