I would like to create a certificate for my laptop, which has one hostname associated with two AAAA records in DNS. One address is used when connected via eth0, the second when connected via wlan0. Usually one address is online, the other offline.
Browsers, curl, postfix are able to connect to my laptop by the DNS name. They don’t care if one address is unreachable and take the next.
But in this setup acme-tiny failed (which is not the client's fault, I assume).
The answer from LE contains:
u'addressesResolved': [u'2001:db8::1:1', u'2001:db8::2:1'],
u'detail': u'Could not connect to multihomed.example.org'
While the request /to/ LE uses a temporary IPv6 address from network #2, LE selects the address in network #1 for verification, and that one is just offline :-/
It looks like LetsEncrypt does not try to connect to the next possible address if one fails.
Is that intentional?
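
An added example, not part of the original post and not acme-tiny or Let's Encrypt code: a pre-issuance check that probes every address the hostname resolves to, so an offline address is found before the order is submitted. It assumes validation arrives over TCP port 80 (HTTP-01), and `single_address_validator_ok` models only the behaviour described in the post (one address tried, no fallback); all function names are hypothetical.

```python
import socket

def resolve_all(host, port=80):
    """Return every unique address (A and AAAA) the name resolves to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    seen = []
    for _family, _type, _proto, _canon, sockaddr in infos:
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen

def tcp_probe(addr, port=80, timeout=5.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out
        return False

def preflight(addresses, probe=tcp_probe):
    """Probe each address on its own.

    A client that falls back to the next address needs one reachable
    address; a validator that tries a single address needs all of them.
    """
    status = {addr: probe(addr) for addr in addresses}
    return {
        "status": status,
        "fallback_client_ok": any(status.values()),
        "single_address_validator_ok": bool(status) and all(status.values()),
        "unreachable": [a for a, ok in status.items() if not ok],
    }

if __name__ == "__main__":
    # Constructed sample: the two addresses from the error above, with a
    # stub probe standing in for "the eth0 address is offline".
    sample = ["2001:db8::1:1", "2001:db8::2:1"]
    offline = {"2001:db8::1:1"}
    report = preflight(sample, probe=lambda a: a not in offline)
    for addr, ok in report["status"].items():
        print(addr, "reachable" if ok else "UNREACHABLE")
    print("fallback client ok:", report["fallback_client_ok"])
    print("single-address validator ok:", report["single_address_validator_ok"])
```

For a live check, pass `resolve_all("multihomed.example.org")` to `preflight` from a host outside the local network, since reachability from the laptop itself says nothing about what a remote validator sees.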