Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mt.r8z.us
I ran this command:
Installed cert-manager via microk8s configured dual stack, using traefik ingress. Service has publicly accessible IPV6 LB IP.
It produced this output:
cert manager pod in namespace default (testing with simple web reflector pod) logs:
I1130 16:00:31.034534 1 solver.go:87] cert-manager/acmesolver "msg"="got successful challenge request, writing key" "base_path"="/.well-known/acme-challenge" "host"="mt.r8z.us" "path"="/.well-known/acme-challenge/(token removed)" "token"="(token removed)”
cert-manager pod in cert-manager namespace logs:
E1130 16:14:42.763988 1 sync.go:186] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perfor
m self check GET request 'http://mt.r8z.us/.well-known/acme-challenge/(token removed)': Get "htt
p://mt.r8z.us/.well-known/acme-challenge/(token removed)": dial tcp [2601:300:4500:202::5:201]:80: connect: network is unreachable" "dnsName"="mt.r8z.us" "resource_kind"="Challenge" "resource_name"="mt.r8z.us-t9gll-598920
55-257349850" "resource_namespace"="default" "resource_version"="v1" "type"="HTTP-01"
NOTE: I can go to that url from outside my network and resolve the challenge token, no problem. There’s no v4 address but the log says it can reach the IPv6 space for some reason, which path I know is good.
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes)
I'm using a control panel to manage my site (no)
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): (“latest” image)