Preferring IPv6 for challenge validation of dual-homed hosts



We recently updated Let’s Encrypt to prefer IPv6 addresses for challenge validation when the domain being validated has both IPv6 and IPv4 addresses.

Prior to this change IPv4 would be preferred for all dual-homed hosts. You may notice new validation failures for domains that publish an AAAA record but are only configured to respond to challenges for IPv4.
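
A way to check a domain for the failure mode described in the post above, as an added example that is not part of the original post and not Let's Encrypt's own code. It models only the stated preference (IPv6 first when both families are published); the function names, the port 80 default (HTTP-01) and the documentation-range sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket
import sys


def resolve(host):
    """Distinct addresses the local resolver returns for host (A and AAAA)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def split_families(addrs):
    """Split address strings into (ipv6, ipv4) lists."""
    parsed = [ipaddress.ip_address(a) for a in addrs]
    v6 = [str(a) for a in parsed if a.version == 6]
    v4 = [str(a) for a in parsed if a.version == 4]
    return v6, v4


def preferred_targets(addrs):
    """Assumed model of the post: IPv6 is preferred when both families exist."""
    v6, v4 = split_families(addrs)
    return v6 or v4


def tcp_probe(addr, port=80, timeout=5.0):
    """True if a TCP connection to addr:port succeeds (port 80 assumes HTTP-01)."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def ipv6_only_failures(addrs, probe=tcp_probe):
    """IPv6 addresses that fail the probe while some IPv4 address passes."""
    v6, v4 = split_families(addrs)
    if not v6 or not any(probe(a) for a in v4):
        return []
    return [a for a in v6 if not probe(a)]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # real check against a host name you operate
        addrs, probe = resolve(sys.argv[1]), tcp_probe
    else:  # constructed sample: documentation addresses, stubbed probe
        addrs, probe = ["192.0.2.10", "2001:db8::10"], lambda a: a == "192.0.2.10"
    print("validated first:", preferred_targets(addrs))
    print("stale or unserved AAAA:", ipv6_only_failures(addrs, probe))
```

Any address reported by `ipv6_only_failures` points to an AAAA record that should either be served by the same web server as the IPv4 address or be removed from DNS before the next renewal.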

