Open linuskendall opened 7 years ago
Did you try building from master?
Hey @linuskendall, just to confirm, if you do something like curl -6 ifconfig.co
it returns your IPv6 address?
lego --version
lego version 1.0.1
calling:
lego --dns manual --dns-resolvers 2606:4700:4700::1111 --domains="example.com" run
2018/08/01 06:31:06 Could not obtain certificates
acme: Error -> One or more domains had a problem:
[example.com] Error presenting token: dial udp: address 2606:4700:4700::1111: too many colons in address
Seems you can't hand it an IPv6 address for a dns-resolver.
also:
curl -6 ifconfig.co
returns ipv6 address.
curl ifconfig.co
returns ipv6 address.
Putting an IPv4 address there (say 1.1.1.1) returns a "Time limit exceeded." error.
dig @1.1.1.1 TXT _acme-challenge.example.com
of course works fine.
dig @2606:4700:4700::1111 TXT _acme-challenge.example.com
also works fine.
Workaround: edit /etc/resolv.conf and put in an IPv6 address as a nameserver,
i.e.: nameserver 2606:4700:4700::1111
and you will get something like:
...
2018/08/01 07:06:44 [INFO][example.com] Checking DNS record propagation using [[2606:4700:4700::1111]:53 1.1.1.1:53 8.8.8.8:53]
2018/08/01 07:06:49 [INFO][example.com] The server validated our request
sting certificates
...
2018/08/01 07:06:50 [INFO][*.example.com] Server responded with a certificate.
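The `too many colons in address` error quoted in the comment above is what Go's `net` package reports when a bare IPv6 literal is passed where `host:port` is expected. The following is an added example, not lego's code and not written by anyone in this thread: a hypothetical `normalizeResolver` helper that brackets IPv6 literals and defaults the port to 53, producing the `[2606:4700:4700::1111]:53` form seen in the propagation log line.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// normalizeResolver is a hypothetical helper (not lego's code). It turns a
// user-supplied resolver string into the host:port form net.Dial accepts,
// defaulting to port 53 and bracketing IPv6 literals.
func normalizeResolver(s string) (string, error) {
	s = strings.TrimSpace(s)
	// Already "host:port" or "[v6]:port": check both halves and re-join.
	if host, port, err := net.SplitHostPort(s); err == nil {
		if host == "" || port == "" {
			return "", fmt.Errorf("resolver %q: empty host or port", s)
		}
		return net.JoinHostPort(host, port), nil
	}
	// No port given. Accept "[v6]" as well as a bare literal or hostname.
	host := strings.TrimSuffix(strings.TrimPrefix(s, "["), "]")
	if _, err := netip.ParseAddr(host); err == nil {
		return net.JoinHostPort(host, "53"), nil
	}
	// Anything else containing a colon or bracket is a malformed literal.
	if host == "" || strings.ContainsAny(host, ":[]") {
		return "", fmt.Errorf("resolver %q: not a valid address", s)
	}
	return net.JoinHostPort(host, "53"), nil // plain hostname
}

func main() {
	// Constructed inputs; the first is the value from the failing command.
	raw := "2606:4700:4700::1111"
	_, _, err := net.SplitHostPort(raw)
	fmt.Println("unnormalized:", err)
	inputs := []string{raw, "[2606:4700:4700::1111]", "1.1.1.1",
		"1.1.1.1:5353", "2606:4700::zz"}
	for _, in := range inputs {
		out, err := normalizeResolver(in)
		fmt.Printf("%-26q -> %q %v\n", in, out, err)
	}
}
```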
I noticed that since AWS enabled IPv6 I've been getting failures to issue certificates with Lego on some hosts where DNS is hosted on Route 53:
Command line:
Manual resolution using dig given the IPv6 addresses of DNS servers (2600:9000:5300:7d00::1) above works fine. The problem went away when I edited /etc/gai.conf to prefer IPv4 over IPv6.
lego version 0.3.1 on Debian 7/Jessie.