amazonlinux / amazon-linux-2023

Amazon Linux 2023
https://aws.amazon.com/linux/amazon-linux-2023/

[Feature Request] - Disabling IPv6 in IPv4-Only VPCs with Systemd-Networkd Configuration #569

Open chals-go opened 7 months ago

chals-go commented 7 months ago

Is your feature request related to a problem? Please describe.

When using systemd-networkd with the LinkLocalAddressing option, IPv6 gets activated in an IPv4-only VPC environment. The activation of IPv6 cannot be prevented through kernel parameter settings as systemd-sysctl executes later than systemd-networkd.

Describe the solution you'd like

To prevent the activation of IPv6 in IPv4-only VPCs, I suggest modifying the /usr/lib/systemd/network/80-ec2.network file, which is installed by the amazon-ec2-net-utils package. By adding the following lines to this file, IPv6 can be effectively disabled:

[Network]
LinkLocalAddressing=no
IPv6AcceptRA=no

Describe alternatives you've considered

No alternative solutions have been considered as the proposed solution appears to be straightforward and effective.

Additional context

It would be beneficial to adjust the 80-ec2.network file according to the VPC environment, ensuring that IPv6 does not activate in IPv4-only VPC settings.

jfieser commented 5 months ago

I used your suggestion, and it resolved my problem. Specifically, the command

certbot renew

failed to run and the test command

wget https://letsencrypt.status.io/

revealed that it was looking for an IPv6 address. This was not the case 2 months ago when the certs were originally set up. I added the lines:

LinkLocalAddressing=no
IPv6AcceptRA=no

to the [Network] section of the /usr/lib/systemd/network/80-ec2.network file and rebooted. Got my cert right away.
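Added example, not part of the thread or of amazon-ec2-net-utils: the same two settings applied as a systemd-networkd drop-in, so the packaged /usr/lib/systemd/network/80-ec2.network stays unmodified and a package update cannot silently revert the change, plus a check of the value that wins after merging. The drop-in file name 10-no-ipv6.conf, the function names and the root argument (empty for the live system, a scratch directory for a dry run) are assumptions; the check reads only the packaged file and /etc drop-ins, a simplification of networkd's full search path.

```shell
#!/bin/sh
# Added example (not from the thread): drop-in for 80-ec2.network plus an audit helper.

# Path of the drop-in under ROOT ("" = live system). File name is an assumption.
dropin_path() {
    printf '%s/etc/systemd/network/80-ec2.network.d/10-no-ipv6.conf\n' "${1%/}"
}

# Write the two settings proposed in the issue into the drop-in.
write_dropin() {
    f=$(dropin_path "$1")
    mkdir -p "$(dirname "$f")" || return 1
    printf '[Network]\nLinkLocalAddressing=no\nIPv6AcceptRA=no\n' > "$f"
}

# Print the last value assigned to KEY in any [Network] section, reading the
# packaged file first and then /etc drop-ins in name order (later files win).
# Returns 1 if KEY is not set anywhere.
effective_network_value() {
    root=${1%/}
    key=$2
    main="$root/usr/lib/systemd/network/80-ec2.network"
    set --
    if [ -f "$main" ]; then set -- "$main"; fi
    for d in "$root"/etc/systemd/network/80-ec2.network.d/*.conf; do
        if [ -f "$d" ]; then set -- "$@" "$d"; fi
    done
    if [ $# -eq 0 ]; then return 1; fi
    awk -F= -v key="$key" '
        FNR == 1 { in_net = 0 }                       # new file: reset section state
        /^[ \t]*\[/ { in_net = ($0 ~ /^[ \t]*\[Network\][ \t]*$/); next }
        in_net && NF >= 2 {
            k = $1; v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", k)            # tolerate "Key = value"
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val == "") exit 1; print val }
    ' "$@"
}
```

On a live instance, run `write_dropin ""` as root, confirm with `effective_network_value "" IPv6AcceptRA`, then reboot as in the comment above.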