Let's Encrypt doesn't work on an IPv6-only domain name

cayenne

Mar 19, 2021
Hello,
ACME doesn't listen on port 80 in IPv6. It listens on port 80 only in IPv4.

For domain names with only an AAAA record, ACME doesn't work on Proxmox VE.

I don't have any software listening on port 80 in IPv4 or IPv6.

I took a screenshot of the ACME logs and the "ss -atlp" command when ordering certificates.
 

Please file a bug and include your pveversion -v output and other relevant details. Thanks!
 
Hi,

In an IPv6-only environment this has worked for quite some time, as I've been renewing LE certificates from an IPv6-only environment for over a year now.

root@prox01-lju:~# lsof -i | grep http
task\x20U 808660 root 12u IPv6 476825836 0t0 TCP *:http (LISTEN)
task\x20U 808663 root 12u IPv6 476825836 0t0 TCP *:http (LISTEN)

However, the bug that you are describing does exist, but only if you add any IPv4 address on any interface on the ProxMox server - then the LE temporary web server starts and listens only on IPv4:

root@proxmox-lab:~# lsof -i | grep http
task\x20U 31635 root 11u IPv4 97504 0t0 TCP *:http (LISTEN)
task\x20U 31667 root 11u IPv4 97504 0t0 TCP *:http (LISTEN)

I added an IPv4 address to my proxmox-lab server and did not add an A record in DNS - and LE renewal immediately broke.

I think that this is something that the ProxMox devs might want to have a look at. Attached is the output of pveversion -v.

Cheers, Jan Zorz
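
An added diagnostic example (not from the thread and not Proxmox code): it parses lsof -i output like the two listings quoted above and reports which published DNS record types have no port-80 listener of the matching address family while the certificate order is running. The function names and the dual_stack parameter are assumptions; the sample lines are the ones quoted in the posts.

```python
import re

# One listener row of `lsof -i`: ... <IPv4|IPv6> <device> <offset> TCP <addr>:<port> (LISTEN)
LISTEN_RE = re.compile(
    r"\s(IPv[46])\s+\S+\s+\S+\s+TCP\s+(\S+):(http|80)\s+\(LISTEN\)"
)

# Listings quoted in the thread (IPv6-only host, then host with an IPv4 address added).
IPV6_ONLY_HOST = r"""
task\x20U 808660 root 12u IPv6 476825836 0t0 TCP *:http (LISTEN)
task\x20U 808663 root 12u IPv6 476825836 0t0 TCP *:http (LISTEN)
"""
HOST_WITH_IPV4 = r"""
task\x20U 31635 root 11u IPv4 97504 0t0 TCP *:http (LISTEN)
task\x20U 31667 root 11u IPv4 97504 0t0 TCP *:http (LISTEN)
"""


def listener_families(lsof_output):
    """Return the socket families that have a wildcard listener on port 80."""
    families = set()
    for line in lsof_output.splitlines():
        match = LISTEN_RE.search(line)
        if match and match.group(2) == "*":
            families.add(match.group(1))
    return families


def unreachable_records(record_types, families, dual_stack=True):
    """Return the published record types (A/AAAA) that no listener can serve.

    An IPv4 socket never serves AAAA. An IPv6 wildcard socket serves A only
    when it is dual-stack (IPV6_V6ONLY off); lsof does not show that flag,
    so dual_stack is an assumption supplied by the caller.
    """
    missing = []
    for rtype in sorted(record_types):
        if rtype == "AAAA" and "IPv6" not in families:
            missing.append(rtype)
        elif rtype == "A" and "IPv4" not in families:
            if not (dual_stack and "IPv6" in families):
                missing.append(rtype)
    return missing


if __name__ == "__main__":
    for name, listing in (("IPv6-only", IPV6_ONLY_HOST), ("with IPv4", HOST_WITH_IPV4)):
        fams = listener_families(listing)
        print(name, sorted(fams), "unreachable:", unreachable_records({"AAAA"}, fams))
```

For the second listing and an AAAA-only domain it reports AAAA as unreachable, which matches the renewal failure described in the post.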
 
