Preferring IPv6 for challenge validation of dual-homed hosts


We recently updated Let’s Encrypt to prefer IPv6 addresses for challenge validation when the domain being validated has both IPv6 and IPv4 addresses.

Prior to this change, IPv4 was preferred for all dual-homed hosts. You may notice new validation failures for domains that publish an AAAA record but are only configured to respond to challenges over IPv4.
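
One way to check a dual-homed host for this failure mode before a renewal, as an added example (not Let's Encrypt's own code): it requests one test path from every published IPv6 and IPv4 address and compares the answers. The function names, the verdict strings and the idea of a test file you place on the server yourself are assumptions of this example.

```python
import http.client
import socket

def resolve(host):
    """Return the host's published addresses, split by family."""
    out = {"ipv6": [], "ipv4": []}
    try:
        infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return out
    for family, _, _, _, sockaddr in infos:
        key = {socket.AF_INET6: "ipv6", socket.AF_INET: "ipv4"}.get(family)
        if key and sockaddr[0] not in out[key]:
            out[key].append(sockaddr[0])
    return out

def fetch(addr, host, path, timeout=5.0):
    """GET http://<host><path> from one specific address; None on failure."""
    try:
        conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
        try:
            conn.request("GET", path, headers={"Host": host})
            resp = conn.getresponse()
            return resp.status, resp.read(4096)
        finally:
            conn.close()
    except (OSError, http.client.HTTPException):
        return None

def diagnose(host, path, addrs=None, get=fetch):
    """Return (verdict, ipv6_answers, ipv4_answers) for one host."""
    if addrs is None:
        addrs = resolve(host)
    v6 = {a: get(a, host, path) for a in addrs["ipv6"]}
    v4 = {a: get(a, host, path) for a in addrs["ipv4"]}
    if not v6:
        verdict = "ipv4-only" if v4 else "no-addresses"
    elif None in v6.values():
        verdict = "ipv6-unreachable"      # AAAA published, nothing answers there
    elif len(set(v6.values()) | set(v4.values())) > 1:
        verdict = "ipv6-ipv4-mismatch"    # families serve different content
    else:
        verdict = "consistent"
    return verdict, v6, v4

if __name__ == "__main__":
    import sys
    # argv[1]: host name; argv[2]: path of a test file you placed yourself
    print(diagnose(sys.argv[1], sys.argv[2]))
```

A verdict of `ipv6-unreachable` or `ipv6-ipv4-mismatch` means the AAAA record points somewhere that does not serve the same content as the IPv4 address, which is the configuration that now fails validation.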
