Closed tecChris closed 5 months ago
Hello! Docker merged a change in v26 that I believe was causing this issue:
https://github.com/moby/moby/pull/47512
The LetsEncrypt container resolving the LE server to IPv4 and then being unable to communicate to it in an IPv6-only environment should be resolved by upgrading to at least Docker 26.0.0. Other changes were made in this version to improve stability in IPv6-only environments, as described in the release notes:
Description:
When attempting to set up Bitwarden on an IPv6-only server following the official installation guide, we encounter a connection timeout error during the Certbot operation for obtaining SSL certificates from Let's Encrypt. The issue specifically arises during the step where Certbot tries to connect to acme-v02.api.letsencrypt.org via HTTPS on port 443, leading to a connection timeout error. This issue does not occur on servers with Dual Stack (IPv4 and IPv6) configurations. Additionally, the log file that should be created according to the error message (/etc/letsencrypt/logs/letsencrypt.log) is not found in the specified location, suggesting that the process may not reach the point of log file creation or there might be an issue with the logging path.
Steps to Reproduce:
Expected Behavior:
Certbot should successfully connect to Let's Encrypt's API and obtain an SSL certificate, without any connection timeouts, regardless of the server being IPv6-only or Dual Stack.
Actual Behavior:
On an IPv6-only server, Certbot fails to connect to acme-v02.api.letsencrypt.org on port 443 after several retries, resulting in a connection timeout error. The expected log file at /etc/letsencrypt/logs/letsencrypt.log is not created, making further diagnosis challenging.
Additional Information:
The error message received is as follows:
```
Using default tag: latest
latest: Pulling from certbot/certbot
Digest: sha256:953b5daac63b14e4f8b77aacf4831f916faac836c67cd12fcc6408201554962e
Status: Image is up to date for certbot/certbot:latest
docker.io/certbot/certbot:latest
Saving debug log to /etc/letsencrypt/logs/letsencrypt.log
An unexpected error occurred:
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f1b3bf8f230>, 'Connection to acme-v02.api.letsencrypt.org timed out. (connect timeout=45)'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /etc/letsencrypt/logs/letsencrypt.log or re-run Certbot with -v for more details.
```
No reverse proxy is utilized, and both ports 80 and 443 are open in the firewall. This issue has been observed on multiple IPv6-only servers. Dual Stack servers (IPv4 and IPv6) do not exhibit this problem.
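A per-address-family probe makes the symptom reported in this issue visible: the ACME host resolves to an IPv4 address that cannot be reached while IPv6 works. This is an added example, not code from the issue, Bitwarden, Docker or Certbot; `probe`, `diagnose`, `fake_resolve`, `fake_connect` and `FakeSock` are hypothetical names, and the sample addresses are constructed from the documentation ranges.

```python
import socket

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))

def probe(host, port=443, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Resolve and TCP-connect to host separately for each address family."""
    report = {}
    for name, family in FAMILIES:
        entry = {"addrs": [], "reachable": False, "error": None}
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
            entry["addrs"] = sorted({info[4][0] for info in infos})
        except socket.gaierror as exc:
            entry["error"] = f"resolve failed: {exc}"
        for addr in entry["addrs"]:
            try:
                connect((addr, port), timeout).close()
                entry["reachable"], entry["error"] = True, None
                break
            except OSError as exc:  # includes connect timeouts
                entry["error"] = f"connect to {addr} failed: {exc}"
        report[name] = entry
    return report

def diagnose(report):
    v4, v6 = report["IPv4"], report["IPv6"]
    if v4["reachable"] and v6["reachable"]:
        return "dual-stack"
    if v6["reachable"]:
        # A records that resolve but cannot be reached are the trap: a client
        # that picks the IPv4 address waits for the full connect timeout.
        return "ipv6-only, unroutable A records" if v4["addrs"] else "ipv6-only"
    return "ipv4-only" if v4["reachable"] else "unreachable"

# Constructed stand-ins for an IPv6-only host (documentation address ranges).
def fake_resolve(host, port, family, socktype):
    addr = "192.0.2.10" if family == socket.AF_INET else "2001:db8::10"
    return [(family, socktype, 6, "", (addr, port))]

class FakeSock:
    def close(self):
        pass

def fake_connect(address, timeout):
    if ":" not in address[0]:
        raise TimeoutError("timed out")
    return FakeSock()

if __name__ == "__main__":
    r = probe("acme-v02.api.letsencrypt.org", resolve=fake_resolve, connect=fake_connect)
    print(diagnose(r), r)
```

Calling `probe(host)` without the `resolve` and `connect` arguments uses the real resolver and sockets, so running it inside a container shows what that container's network actually sees.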