Support for IPv6-only hosts

This is correct for WWW Users but will be complete different if the cert is allowed for client/mail authentication.
In this case the OV certificate can fulfill legal requirements as an replace for signature on legal documents.
And also there is no chance to use an DV cert for MS code signing while OV should be possible. People often
forget that X509-Ceritifcate are not only used for WebPages. For example OV can be used in some API cases with
WebServices or XML-Signining to generate invoices where you do not need to verify the company address.

1 Like

well okay that again makes sense.

but what doesnt make sense is that EV certs are not for business entites and what makes even less sense is that iirc .onion shall require EV certs, which essentially kicks out the most important userbase of TOR…

Guys can we limit the conversation to LE IPv6 related info please? It’s not great watching a thread and being sent notifications about unrelated topics.

3 Likes

Any update on IPv6-only hosts verification? (using Apache plug-in)

This is for a mirror of http://test-ipv6.com which loads some tests images from IPv4-only and IPv6-only sites. See below:

   Failed authorization procedure. ipv6.test-ipv6.vyncke.org (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No IPv4 addresses found for ipv6.test-ipv6.vyncke.org, mtu1280.test-ipv6.vyncke.org (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No IPv4 addresses found for mtu1280.test-ipv6.vyncke.org

   **IMPORTANT NOTES:**
     - The following 'urn:acme:error:unknownHost' errors were reported by
       the server:

   Domains: ipv6.test-ipv6.vyncke.org, mtu1280.test-ipv6.vyncke.org
       Error: The server could not resolve a domain name

By the way: great tool :slightly_smiling:

We’re getting closer! We’ve got an allocation, and now need to do some configuration work on the server side. We’ll announce here when it’s ready. We’re excited about IPv6 too!

13 Likes

Great to hear! Thanks for chiming in @jsha!

Is there any idea of the horizon when ipv6 will be available?

Are we talking week of months?

/Henning

1 Like

No timeframe AFAIK. The two biggest hurdles were being assigned a block (done) and configuring/securing it (in progress). There’s no knowing how long that may take unless a staff member posts something (which they’re not inclined to do since it’s not high priority so could get bumped for more serious issues).

You may find that the DNS-01 challenge could suit your purposes in the meantime if it becomes available before IPv6-only.

1 Like

Hi all,

I just wanted to ask if/suggest that someone is monitoring the logs for http-01 validation to see how frequently one fails with the error "“detail”:"No IPv4 addresses found for ", to help guage the audience that would benefit from this enhancement. Most likely folks who encounter this failure will try once and give up, so the only value it adds is some visibility into the number of unique hosts/users/networks that would benefit from this functionality. I myself participate in 3 different projects where we are looking into increased use of IPV6-only hosts, but it conflicts with an initiative of ours to begin securing everything with LetsEncrypt. We can kludge one-time validations together manually via DNS-01, but not automatic renewal.

Good idea, @FliesLikeABrick. Filed an issue.

1 Like

Would love ipv6 support too.

1 Like

Looking forward to IPv6 and Let’s Encrypt compatibility. :slight_smile:

1 Like

I’d also love to see IPv6-only host support

1 Like

It’s on the upcoming features with a ETA set to tomorrow.

How about adding an IPv6-in-IPv4 tunnel or a vpn service that can assign IPv6 address on the edge server (or a trusted external server that has dual-stack addresses)? When the v6-in-v4 tunnel or vpn connection is established between the real server and the edge server, the real server will have IPv6 access.
(Certainly, native IPv6 is the best choice.)

I have many IPv4-only and IPv6-only websites,which use two domain names to differentiate IPv4 and IPv6 services.So I really hope that the support for IPv6-only hosts/domain names can be implemented quickly.

Now it states ETA: Before April 22, 2016 -> today :slight_smile:
Looking forward. It can only be a matter of days…

Thank you so much for all the work!

Still not working whit ipv6 only domains

For those intending to actually test the functionality, please subscribe to the GitHub issue here instead of posting complaints or requesting updates.

2 Likes

luck to find this feature will come when I use let’s encrypt on a ipv6-only host

For the second time the “due date” of the https://letsencrypt.org/upcoming-features/ has passed away and IPv6 isn’t working.

1 Like