zenhack
commented
1 year ago simp_le defers to the python acme library for lower level networking stuff like this, and I'd expect this to bottom out at still-lower-level libraries by default -- I haven't looked but the sane way to do this seems like it would be to just let the HTTP libraries do their thing. If those libraries are deciding to connect via ipv6 when the host they're on doesn't actually support it, I suspect there's something wonky going on with your network config. Does the container think it has an ipv6 address?
That said, if there are python-acme options to give the caller more control over this, I wouldn't be opposed to accepting a patch that exposed them via cli flags.
regnete
Sadly docker containers do not support access to remote servers via ipv6 out of the box.
For an example on how many things to do and think about in order to enable ipv6 access to the internet see https://medium.com/@skleeschulte/how-to-enable-ipv6-for-docker-containers-on-ubuntu-18-04-c68394a219a2
The Let's Encrypt server names (e.g. r3.o.lencr.org) are configured and accessible with either ipv4 or ipv6 addresses.
simp_le seems to always use the ipv6 addresses.
This results in problems when creating or renewing certificates from within docker containers in case they cannot access ipv6 servers. I ran into this problem using https://github.com/nginx-proxy/nginx-proxy.
Is there an opportunity to force the use of ipv4 adressess when accessing the Let's Encrypt servers? it woud be great to make this available via command line argument and ENV variable. Command line arg should overwrite ENV var then.