
Unable to generate standalone certs with ipv6 enabled #710

Open
@Byh0ki

Hello,

I was trying to generate a cert for a standalone service but it wasn't working for some reason. After a little digging, I found that trying to reach http://example.com/.well-known/acme-challenge/ was not working during the cert generation loop (after a manual call to /app/signal_le_service) even though the file standalone-cert-example.com.conf was in /etc/nginx/conf.d/. I tried to replicate the issue with a copy of the previously generated file and found out that it was missing the line listen [::]:80; (maybe on purpose?). I'm currently on a dual stack server and, if I correctly understood the error message I got from the companion[1], Let's Encrypt will perform the challenge validation over IPv6 if my domain's DNS entry has both A and AAAA fields. I added the proper line and everything worked fine.

I don't know if it's a good idea to add the line listen [::]:80; by default in the add_standalone_configuration function? Or maybe we could find a way to add it dynamically?

https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/711c56acc160ea921cbc5797b5dc39d28df044bc/app/functions.sh#L115

[1] CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/).

Thanks,

Byh0ki
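
The check and fix described in the issue above, as an added example that is not part of the original post and not code from the companion project: it flags an nginx config that listens on IPv4 port 80 without a matching `listen [::]:80;` and inserts the line idempotently. The function names and the sample vhost are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample config are constructed.
LISTEN4='^([[:space:]]*)listen[[:space:]]+(0\.0\.0\.0:)?80([[:space:]][^;]*)?;'
LISTEN6='^[[:space:]]*listen[[:space:]]+\[::\]:80([[:space:]][^;]*)?;'

# Succeeds when the file listens on IPv4 port 80 but has no IPv6 port-80 listen.
missing_ipv6_listen() {
    grep -Eq "$LISTEN4" "$1" || return 1
    ! grep -Eq "$LISTEN6" "$1"
}

# Insert "listen [::]:80;" after each IPv4 port-80 listen, keeping indentation.
# Idempotent: a file that already has the IPv6 listen is left untouched.
add_ipv6_listen() {
    missing_ipv6_listen "$1" || return 0
    tmp="$(mktemp)" || return 1
    sed -E "s/${LISTEN4}.*\$/&\\
\\1listen [::]:80;/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample resembling a standalone ACME challenge vhost.
sample_conf() {
    cat <<'EOF'
server {
    server_name example.com;
    listen 80;
    location ^~ /.well-known/acme-challenge/ {
        root /usr/share/nginx/html;
    }
}
EOF
}

demo() {
    f="$(mktemp)" || return 1
    sample_conf > "$f"
    missing_ipv6_listen "$f" && echo "no IPv6 listen on port 80, patching"
    add_ipv6_listen "$f"
    cat "$f"
    rm -f "$f"
}
demo
```

nginx refuses to start on `listen [::]:80;` when IPv6 is unavailable in its network namespace, so run `nginx -t` after patching and before reloading.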
