[BUG] letsencrypt handshake not working on IPv6 only #770
Comments
Hi @chrismade, thank you for opening this issue. Let's encrypt will never generate a certificate for
@TheophileDiot thanks for pointing out that www.example.com is restricted by policy - and yes, I don't own this domain. The essence of my bug report is that getting a letsencrypt certificate won't work for ANY domain if you only have an AAAA record and IPv6 connection (which it should) - only if you add an A record and IPv4 connection it will work. Bug reporting guidelines request us to replace individual data by something generic. So kindly replace www.example.com by any domain you own to reproduce the issue. Can you pls have a look into this issue?
Oh alright, @chrismade. My bad. I'm currently investigating this. I'll let you know if I find something.
What happened?
I'm aware that the IPV6=yes feature is currently in beta and not ready for production - so this report is likely for the backlog.
I created a simple static website - and tried to enable letsencrypt to acquire a certificate - however, that is failing - bunkerweb startup procedure stops at this point:
How to reproduce?
running bunkerweb v1.5.3 in docker on debian12 - made a simple static website under www.example.com
for this case the connection is only working on IPv6 and hence I only made an AAAA DNS record
the connectivity to bunkerweb on port 80 was tested from outside by curl and was ok
then I changed the two letsencrypt lines in the config file from "no" to "yes" and restarted docker compose
letsencrypt's standard behavior is to use IPv6 / AAAA records first (which causes its own issues sometimes) so I assume it is sufficiently tested under IPv6 already
I was able to get a certificate successfully, so no "file not found" error anymore, when I added an IPv4 port forwarding and an A record for the domain - I assume that there is just a tiny issue in the certificate challenge handshake to verify the domain URL path which does not yet work under IPv6 only
Configuration file(s) (yaml or .env)
Relevant log output
BunkerWeb version
1.5.3
What integration are you using?
Docker
Linux distribution (if applicable)
debian12
Removed private data