LetsEncrypt Certs is not recognizing IPv6

ebonsi · June 25, 2017, 4:22pm

I am on OSX Client Server, Apache 2.4.XX. LetsEncrypt is working OK on ipv4.

Hello, I do have ipv6 configured on the Server. When I tested the ipv6 connection on http://test-ipv6.com, I get score 10/10. Therefore, everything is ok in my end.

When I call the IPv6 on Firefox, I get a misconfiguration Cert error.

I do have 2 Servers running. One in production and the other is a template backup/test server. Each one have it's own ipv6 address.

My next renew, I will be using Certbot command as ACME command is no longer working.

root# cd /Users/user1/letsencrypt

./certbot-auto certonly
--standalone \
--email webmaster@domain.org
--rsa-key-size 4096 -d domain.org -d www.domain.org

I am wondering if there is anything special on the domain renew command input to make ipv6 work with the LetsEncrypt Certs?

Thanks!

Osiris · June 25, 2017, 7:38pm

How did you “call the IPv6”? By its IP address? Because the certificate is only valid for hostnames. (Let’s Encrypt doesn’t support IP addresses in the SAN field). Therefore, it will only validate as a valid certificate if you type in the correct hostname in the address bar of the browser. Using an IP address won’t work.

Note: this is the same for IPv4 as for IPv6.

ebonsi · June 25, 2017, 7:51pm

Thanks for clarifying that @Osiris! The hostname works fine! That pretty much closes the ipv4/ ipv6 issue.

system · July 25, 2017, 7:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.