You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the domain requested for issuing/renewal has an AAAA (IPv6) record, Let's Encrypt will proceed using IPv6 connectivity instead of IPv4. Consequently, acme.sh must be told to accept inbound IPv6 connections, but on OpenBSD the --listen-v6 option doesn't seem to have any effect. Providing a --local-address ..., whether ::/0 or the host's actual IPv6 address, makes no difference either. Instead acme.sh still tells nc/socat to do only IPv4 and fails to accommodate Let's Encrypt's connection attempts, causing the issuing/renewal to fail.
Temporarily removing the AAAA record from the domain solves the problem, but this is obviously disruptive and not an acceptable or sustainable solution.
Add.: when the invocation below is running I've confirmed with netstat/fstat that acme.sh is indeed listening on an IPv4 TCP socket, but nothing on IPv6, contrary to what it has explicitly been told to do.
Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
When the domain requested for issuing/renewal has an AAAA (IPv6) record, Let's Encrypt will proceed using IPv6 connectivity instead of IPv4. Consequently, acme.sh must be told to accept inbound IPv6 connections, but on OpenBSD the
--listen-v6
option doesn't seem to have any effect. Providing a--local-address ...
, whether::/0
or the host's actual IPv6 address, makes no difference either. Instead acme.sh still tells nc/socat to do only IPv4 and fails to accommodate Let's Encrypt's connection attempts, causing the issuing/renewal to fail.Temporarily removing the AAAA record from the domain solves the problem, but this is obviously disruptive and not an acceptable or sustainable solution.
Add.: when the invocation below is running I've confirmed with netstat/fstat that acme.sh is indeed listening on an IPv4 TCP socket, but nothing on IPv6, contrary to what it has explicitly been told to do.
Steps to reproduce
./acme.sh --standalone --listen-v6 --local-address '2601:56:XXXX:XXXX::1234' --httpport 1080 --renew --domain some.domain
Debug log
The text was updated successfully, but these errors were encountered: