Renewal of LetsEncrypt certificates on a number of dual-stacked hosts which I manage has, until recently, just worked.
Within the last week or ten days, there has been a routing problem in my hosting provider’s network, so that these hosts are no longer reachable over IPv6. Perhaps due to obstacles arising from the COVID-19 pandemic, my hosting provider has not yet been able to resolve this problem.
Certificates fell due for automatic renewal on one of these hosts two days ago. Renewal failed, and certbot showed a message that the LetsEncrypt server was not receiving a response from the host.
Manual retry also failed. Subsequent retry after withdrawing the relevant AAAA records from the DNS succeeded.
I anticipate a ripple effect as other hosts in turn need certificates renewed.
It would be helpful if, on failure to reach the host over IPv6, the LetsEncrypt servers would automatically fall back to trying IPv4. If this feature has already been implemented, it seems that it is not always working correctly (or not uniformly deployed on all LetsEncrypt server instances), and needs some debugging; in this case, I shall be happy to help as may be useful.
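A pre-renewal check for the situation described in the post above, as an added example that is not part of the original post: for each hostname it lists the address families published in DNS and reports any family whose addresses do not accept a TCP connection. It assumes validation reaches the host over HTTP on port 80 (the post does not say which challenge type is used) and that the script is run from a machine outside the affected network; the function names are this example's own.

```python
import socket
import sys

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

def resolve(host, family, port):
    """Return the sorted addresses published for host in one address family."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # no A / AAAA record for this family
    return sorted({info[4][0] for info in infos})

def can_connect(addr, family, port, timeout=5.0):
    """Attempt a TCP connection to one literal address."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:  # timeout, no route, refused, or family unsupported locally
        return False

def check_host(host, port=80, resolver=resolve, connector=can_connect):
    """Map each published family to {address: reachable}.

    Families with no DNS records are omitted. resolver and connector can be
    replaced, for example to test the logic without network access.
    """
    report = {}
    for name, family in FAMILIES.items():
        addrs = resolver(host, family, port)
        if addrs:
            report[name] = {a: connector(a, family, port) for a in addrs}
    return report

def broken_families(report):
    """Families that have DNS records but no address accepting connections."""
    return [name for name, res in report.items() if not any(res.values())]

if __name__ == "__main__":
    for host in sys.argv[1:]:
        report = check_host(host)
        print(host, report)
        bad = broken_families(report)
        if bad:
            print("  published in DNS but unreachable:", ", ".join(bad))
```

Run it with the certificate's hostnames as arguments ahead of the renewal window; a hostname reported with IPv6 published but unreachable matches the state in which the renewal described above failed.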