Let's encrypt does'nt work on a domain name IPv6 only

cayenne

New Member
Mar 19, 2021
4
1
3
25
Hello,
ACME does'nt listen on port 80 in IPv6. It listen port 80 only in IPv4.

For domain names with only record type AAAA, ACME does'nt work on Proxmox VE.

I haven't software is listen on the port 80 in IPv4 or IPv6.

I took a screenshot of the ACME logs and the "ss -atlp" command when ordering certificates.
 

Attachments

  • 20210414_17h49_21s_electerm_nezYfHeexM.png
    20210414_17h49_21s_electerm_nezYfHeexM.png
    34.9 KB · Views: 14
  • 20210414_17h52_51s_msedge_QoCMrDaYjQ.png
    20210414_17h52_51s_msedge_QoCMrDaYjQ.png
    21.4 KB · Views: 14
Last edited:

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
7,707
1,457
164
please file a bug and include your pveversion -v output and other relevant details. thanks!
 
Nov 20, 2020
10
0
1
48
Hi,

In IPv6 only environment this worked for quite some time as I've been renewing LE certificates from IPv6-only environment for over a year now.

root@prox01-lju:~# lsof -i | grep http
task\x20U 808660 root 12u IPv6 476825836 0t0 TCP *:http (LISTEN)
task\x20U 808663 root 12u IPv6 476825836 0t0 TCP *:http (LISTEN)

However, there is a bug that you are describing, but only if you add any IPv4 address on any interface on ProxMox server - then the LE temporary web server starts and listens only on IPv4:

root@proxmox-lab:~# lsof -i | grep http
task\x20U 31635 root 11u IPv4 97504 0t0 TCP *:http (LISTEN)
task\x20U 31667 root 11u IPv4 97504 0t0 TCP *:http (LISTEN)

I added IPv4 address to my proxmox-lab server and did not add A record in DNS - and LE renewal immediately broke.

I think that this is something that ProxMox devs might want to have a look in it. Attached is output of pveversion -v .

Cheers, Jan Zorz
 

Attachments

  • proxmox-lab-pveversion.txt
    1.2 KB · Views: 2

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!