IPv6 verification fails, no DNS

dg9ngf · March 26, 2017, 10:08am

I came here through Google and found another thread that says IPv6-only domains are supported as of July 2016. Still doesn’t work for me. All software from the Ubuntu repository is up to date.

My domain is:
a domain that is only available through IPv6 and has no A record, just AAAA

I ran this command:
letsencrypt certonly --webroot -n -w /var/www/certbot -d “$DOMAIN”
(domain hidden)

It produced this output:

Failed authorization procedure. $DOMAIN (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to $DOMAIN
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: $DOMAIN
   Type:   connection
   Detail: Could not connect to $DOMAIN

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My operating system is (include version):
Ubuntu Server 16.04

My web server is (include version):
Apache 2.x

My hosting provider, if applicable, is:
own server

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

TCM · March 26, 2017, 10:17am

It doesn’t say anything about a DNS error and without any actual data, there’s not much to debug.

mnordhoff · March 26, 2017, 10:31am

I was able to issue a certificate just now, though i was using the staging server. (Also probably a newer version of Certbot, but that probably doesn’t matter.)

Are you sure your server is working well?

schoen · March 26, 2017, 9:30pm

@dg9ngf, hopefully in the future we can get more specific error messages in this situation, but for the time being it will be hard to debug without knowing the real domain name and IPv6 address in question (for people to try their own resolver/connectivity experiments).

You can try using curl on another IPv6-connected machine to see if your machine appears to be reachable from its point of view (using HTTP on port 80, in this case, which is what the challenge type you’re using requires).

dg9ngf · March 27, 2017, 11:59am

Sorry, I was able to figure it out myself. My web server configuration was somehow wrong and it was listening on the wrong IPv6 address, not the one registered in the DNS record. I fixed that and then verification through the bot succeeded.

system · April 26, 2017, 11:59am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot - Not able to verify Domain due to IPV6 Records Help	3	1237	June 24, 2017
Certbot - Challenge Not Passing Due to IPV6 Configuration Help	4	2332	June 24, 2017
Help with IPV6 only server Help	5	3536	July 14, 2017
VPS and domain hosting vs DNS Help	19	1865	May 19, 2020
Certbot trying a challenge to old IPv6 instead of new IPv4 Help	10	1071	August 15, 2021

IPv6 verification fails, no DNS

Related topics