Some users have cert issues while others do not

No. You have a valid certificate, so use it. The certificate has no information about the ip number.

But:

Your ipv6 doesn't work. I see, you have rechecked your domain (via https://check-your-website.server-daten.de/?q=arundelnewsnet.com ).

If you create a new certificate, Letsencrypt prefers ipv6.

But your ipv6 has timeouts, so creating a new certificate (in 60 - 85 days) would crash.

And it's also bad if a user comes via ipv6 - and has a timeout.

I have rechecked it and no luck. Should I show you the ipv6 definition?

Yep, share it.

Additional: Is there a firewall or something else that blocks ipv6?

Using online ipv6 ping tools your server doesn't answer.

Here is the SSL virtual host definition

https://pastebin.com/QGivLqpv

Here is the ip6tables allowing 443

https://pastebin.com/pYwLrtWF

That looks ok. But I’m not so firm with ipv6 configurations.

If you use a tool like

http://www.traceroute6.net/

your ipv6 doesn’t answer.

traceroute to 2600:3c03::f03c:91ff:fe54:d0c2 (2600:3c03::f03c:91ff:fe54:d0c2), 30 hops max, 80 byte packets
 1  2001:2e8:665:0:2:2:0:1 (2001:2e8:665:0:2:2:0:1)  0.077 ms  0.037 ms  0.034 ms
 2  2001:2e8:22:204::2 (2001:2e8:22:204::2)  0.897 ms  0.874 ms  0.939 ms
 3  2001:2e8:20::22:11 (2001:2e8:20::22:11)  0.810 ms  0.790 ms  0.852 ms
 4  2001:3e0:5001:12::1 (2001:3e0:5001:12::1)  1.520 ms  1.353 ms  1.457 ms
 5  gigabitethernet2-8.core1.tyo1.he.net (2001:7fa:7:1::6939:1)  2.009 ms  1.915 ms  1.826 ms
 6  100ge11-1.core1.sea1.he.net (2001:470:0:268::1)  82.560 ms  82.431 ms  90.629 ms
 7  100ge4-2.core1.msp1.he.net (2001:470:0:2a0::2)  123.424 ms  123.358 ms  131.577 ms
 8  100ge13-1.core2.chi1.he.net (2001:470:0:18e::1)  123.082 ms  131.441 ms  131.356 ms
 9  100ge16-1.core1.nyc4.he.net (2001:470:0:298::2)  147.516 ms  147.768 ms  139.717 ms
10  100ge8-1.core1.nyc6.he.net (2001:470:0:259::2)  156.246 ms  156.383 ms  156.375 ms
11  linode.com (2001:504:1::a506:3949:1)  141.075 ms  149.348 ms  149.136 ms
12  2600:3c03:6666:13::2 (2600:3c03:6666:13::2)  149.952 ms 2600:3c03:6666:12::2 (2600:3c03:6666:12::2)  149.865 ms  150.018 ms
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

But pinging your server works. Same tool:

PING 2600:3c03::f03c:91ff:fe54:d0c2(2600:3c03::f03c:91ff:fe54:d0c2) 56 data bytes
64 bytes from 2600:3c03::f03c:91ff:fe54:d0c2: icmp_seq=1 ttl=50 time=157 ms
64 bytes from 2600:3c03::f03c:91ff:fe54:d0c2: icmp_seq=2 ttl=50 time=157 ms
64 bytes from 2600:3c03::f03c:91ff:fe54:d0c2: icmp_seq=3 ttl=50 time=157 ms
64 bytes from 2600:3c03::f03c:91ff:fe54:d0c2: icmp_seq=4 ttl=50 time=157 ms
64 bytes from 2600:3c03::f03c:91ff:fe54:d0c2: icmp_seq=5 ttl=50 time=157 ms

--- 2600:3c03::f03c:91ff:fe54:d0c2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4162ms
rtt min/avg/max/mdev = 157.209/157.399/157.721/0.545 ms

Try now because it is working for me. The reason…I disabled ip6tables.

:wink:

I don't need to recheck it, you have already rechecked your domain:

| Domainname | IP | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|---|
| http://www.arundelnewsnet.com/ | 45.33.78.146 | 301 | http://arundelnewsnet.com/ | 0.534 | D |
| http://www.arundelnewsnet.com/ | 2600:3c03::f03c:91ff:fe54:d0c2 | 301 | http://arundelnewsnet.com/ | 0.513 | D |
| http://arundelnewsnet.com/ | 45.33.78.146 | 200 | | 0.887 | H |
| http://arundelnewsnet.com/ | 2600:3c03::f03c:91ff:fe54:d0c2 | 200 | | 0.850 | H |
| https://www.arundelnewsnet.com/ | 45.33.78.146 | 301 | https://arundelnewsnet.com/ | 2.327 | B |
| https://www.arundelnewsnet.com/ | 2600:3c03::f03c:91ff:fe54:d0c2 | 301 | https://arundelnewsnet.com/ | 2.387 | B |
| https://arundelnewsnet.com/ | 45.33.78.146 | 200 | | 2.656 | B |
| https://arundelnewsnet.com/ | 2600:3c03::f03c:91ff:fe54:d0c2 | 200 | | 2.720 | B |
| http://arundelnewsnet.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 45.33.78.146 | 404 Not Found | | 0.220 | A |
| http://arundelnewsnet.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2600:3c03::f03c:91ff:fe54:d0c2 | 404 Not Found | | 0.194 | A |
| http://www.arundelnewsnet.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 45.33.78.146 | 404 Not Found | | 0.217 | A |
| http://www.arundelnewsnet.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2600:3c03::f03c:91ff:fe54:d0c2 | 404 Not Found | | 0.220 | A |

Now you have a complete setting with both domains (non-www and www) and two ip addresses, no mixed content warnings.

Perhaps add the last missing redirect

http + non-www -> https + non-www

@JuergenAuer

So it appears iptables is killing it, so I just have to add the port for the ipv6 traceroute?

Traceroute now finds your domain:

traceroute to 2600:3c03::f03c:91ff:fe54:d0c2 (2600:3c03::f03c:91ff:fe54:d0c2), 30 hops max, 80 byte packets
 1  2001:2e8:665:0:2:2:0:1 (2001:2e8:665:0:2:2:0:1)  0.081 ms  0.039 ms  0.033 ms
 2  2001:2e8:22:204::2 (2001:2e8:22:204::2)  0.907 ms  1.025 ms  0.850 ms
 3  2001:2e8:20::22:11 (2001:2e8:20::22:11)  0.867 ms  0.902 ms  0.887 ms
 4  2001:3e0:5001:12::1 (2001:3e0:5001:12::1)  1.795 ms  1.719 ms  1.981 ms
 5  gigabitethernet2-8.core1.tyo1.he.net (2001:7fa:7:1::6939:1)  1.520 ms  1.460 ms  1.395 ms
 6  100ge11-1.core1.sea1.he.net (2001:470:0:268::1)  82.985 ms  82.695 ms  90.658 ms
 7  100ge4-2.core1.msp1.he.net (2001:470:0:2a0::2)  123.497 ms  123.450 ms  123.456 ms
 8  100ge13-1.core2.chi1.he.net (2001:470:0:18e::1)  131.104 ms  131.014 ms  123.343 ms
 9  100ge16-1.core1.nyc4.he.net (2001:470:0:298::2)  139.655 ms  147.556 ms  147.765 ms
10  100ge8-1.core1.nyc6.he.net (2001:470:0:259::2)  156.437 ms  156.319 ms  152.249 ms
11  linode.com (2001:504:1::a506:3949:1)  141.053 ms  141.233 ms  141.305 ms
12  2600:3c03:6666:13::2 (2600:3c03:6666:13::2)  149.716 ms 2600:3c03:6666:12::2 (2600:3c03:6666:12::2)  149.650 ms  141.823 ms
13  2600:3c03::f03c:91ff:fe54:d0c2 (2600:3c03::f03c:91ff:fe54:d0c2)  149.371 ms  149.300 ms  149.477 ms

This is b/c I shut down ip6tables. I would have to add the port for ICMP for ipv6 then, correct?
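Added example, not part of the thread: ICMPv6 is matched in ip6tables by protocol and type, not by port, so one way to check a ruleset before re-enabling it is to audit which ICMPv6 types the INPUT chain accepts. The sample ruleset is constructed (it is not the pastebin ruleset linked above), the `NEEDED` list follows RFC 4890 guidance for a SLAAC-addressed host, and the parser is simplified: it reads only the INPUT chain and ignores source and interface restrictions.

```python
import shlex

# Inbound ICMPv6 types a SLAAC-addressed web host needs (RFC 4890 guidance).
NEEDED = {1: "destination-unreachable", 2: "packet-too-big", 3: "time-exceeded",
          4: "parameter-problem", 128: "echo-request", 134: "router-advertisement",
          135: "neighbour-solicitation", 136: "neighbour-advertisement"}
BY_NAME = {name: num for num, name in NEEDED.items()}
ERRORS = {1, 2, 3, 4}                  # conntrack treats these as RELATED
ICMP6 = {"ipv6-icmp", "icmpv6", "58"}  # ICMPv6 is a protocol; it has no ports

# Constructed ip6tables-save output (not the poster's pastebin ruleset).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def opt(tokens, *flags):
    """Value following the first flag present in tokens, else None."""
    for flag in flags:
        if flag in tokens[:-1]:
            return tokens[tokens.index(flag) + 1]
    return None

def missing_icmpv6(ruleset):
    """Needed ICMPv6 types that the INPUT chain never accepts (simplified)."""
    allowed, default_accept = set(), False
    for line in ruleset.splitlines():
        t = shlex.split(line)
        if t[:1] == [":INPUT"]:
            default_accept = t[1:2] == ["ACCEPT"]
        if t[:2] != ["-A", "INPUT"]:
            continue
        target = opt(t, "-j")
        if target in ("DROP", "REJECT") and not {"-p", "-s", "-i", "-m"} & set(t):
            default_accept = False     # catch-all: nothing after it matters
            break
        if target != "ACCEPT":
            continue
        if "RELATED" in (opt(t, "--state", "--ctstate") or ""):
            allowed |= ERRORS
        if opt(t, "-p") in ICMP6:
            kind = (opt(t, "--icmpv6-type") or "").replace("neighbor-", "neighbour-")
            allowed |= ({int(kind)} if kind.isdigit() else
                        {BY_NAME.get(kind)} if kind else set(NEEDED))
    gaps = set() if default_accept else set(NEEDED) - allowed
    return [NEEDED[n] for n in sorted(gaps)]
```

Feed it the text of `ip6tables-save`; an empty list means every needed type is accepted somewhere before the chain's catch-all drop or default policy.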
