This is from my hosting client; she had an IT techie look into an issue and his response was:
"When accessing the website with a new hot spot, the page won't load. When using a different connection, it does load. What is interesting here is that when I ping the website from the functional connection, I get an IPv4 ip address returned. When I ping with the new hotspot, I get an IPv6 address returned. This makes me wonder if there is a DNS translation issue or if the server has an IPv6 address that wasn't meant to be enabled possibly."
The hosting client then stated:
"This mirrors my experience. I’m unable to log in/load the site when my phone has a 5G connection, but when I’m connected via wifi, there are no issues. Similarly, the page will not load (read: gives me the ERR_HTTP_RESPONSE_CODE_FAILURE message) when I’m using a hot spot, which I assume is also that 5G data which may access the site differently."
I do not know how to emulate an IP6 Only network to even replicate the issue being reported.
I do not know if this is a LetsEncrypt SSL cert issue, an IIS 8.5 issue, a DNS issue or a Server issue.
PLEASE, ANY Help would be GREATLY Appreciated.
Yes, SSL is forced on this website, so I can see where http: requests would get denied or forbidden. It is the IPv6 to the https address where it says permission denied; I think that is the issue. I searched the return message and saw some results talking about an IPv6 firewall verses IPv4 firewall. When I go into the Windows Server firewall; I am not seeing a "different" windows firewall for IPv4 verses IPv6; is there such a thing?
The IPv4 A Record = Hurricane Electric and IPv6 AAAA Record = Valley Internet Co is Correct. My friend owns Valley Internet and he is the actual leasor of the Hurricane Elec co-lo; I "sub-lease" two of my servers in his cabinet at Hurricane Elec in Fremont, CA.
Neither your IPv4 or address or your IPv6 address appear to be listening on port 80. The HTTP-01 challenge uses plaintext HTTP, it won't attempt to connect over HTTPS unless it receives an HTTP redirect. See Challenge Types - Let's Encrypt
To receive a certificate without running an HTTP server on port 80 you would need to use the DNS-01 challenge or the TLS-SNI-01 challenge. (The latter is still not practical for use with most web server software AFAIK.)
var oldURL = window.location.hostname + window.location.pathname;
var newURL = "https://" + oldURL;
window.location = newURL;
I have been hosting this site for 9+ years with no issues reported until now, but it appears to only be when a client is on a IPv6 Only network, but a lot of this stuff is foreign to me. I am open for any suggestions to try. Thanks for your reponse; any and all are helpful.
Mike, not familiar with curl, but "I think" the Windows CMD translation is PING ??
ping -4 ifconfig.co returns: 18.104.22.168 (4 packets sent and 4 packets received; 0 Lost)
ping -6 ifconfig.co returns: 2606:4700:e4::ac40:a20f (4 packets sent and 0 packets received; Request timed out x 4; 100% loss)
The results for IPCONFIG are too long to put in here, but the IPv6 address of 2602:fe92:5::106 is listed (along with 80+ other IPv6 addresses and the IPv4 address of: 22.214.171.124 is also listed (along with 90+ other IPv4 addresses). Somewhere in previous posts, I had accidentally stated 126.96.36.199 (that was a typo) it is: 188.8.131.52 and it IS listed in the ipconfig results.
FYI: curl is NOT a recognized command from the server.