LetsEncrypt SSL Creation failed after enabling IPv6

Meiji

Hi,

I have enabled IPv6 and added the IPv6 address as a linked IP of the IPv4 address.

After that, when I add a new user and try to install an SSL certificate, I get the following error:

Code:
Error: http://domain.com/.well-known/acme-challenge/letsencrypt_1584536906 is not reachable. Aborting the script.
dig output for domain.com:
2602:XXXX:XXXX:XXXX:242
Please make sure /.well-known alias is setup in WWW server.

How do I troubleshoot/fix the error?
 
I want to add that this only happens when the domain has both IPv4 and IPv6.

If I add a domain with IPv4 only, Let's Encrypt installs SSL without any issue.
 
I use IPv4 and IPv6 for all my domains and I don't have such a problem. Maybe try rewriting the configs first:
Code:
cd /usr/local/directadmin/custombuild
./build rewrite_confs
 
It's weird. I can recreate the issue any number of times, on any number of fresh installations.

I tried rewrite_confs. It solves the problem for the domain that was having the issue.

Delete the user, add again and the SSL issue reappears.

Doing rewrite_confs solves the issue again.

It is not realistic if I have to run rewrite_confs every time a user adds a domain.
 
Fresh install... You might want to consider sending in a ticket, could be some bug.

The DA license was not bought from DA, it is an internal license from an unmanaged provider. I am not sure whether I am eligible for this type of support.
 
It could be some bug or wrong configuration of IPv6 if rewrite_confs solved the problem.
 
I run ./build rewrite_confs but do not use IPv6
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
Using x.x.x.x for your server IP
Debug mode. Level 10

Installing Comodo Rule Set for ModSecurity...
-=O=- # # # #
Updating to latest CWAF client version
current version is up to date
update process finished!
Defaulting to Comodo WAF SecDefaultAction...
Installation of ModSecurity Rule Set has been finished.
PHP has been secured.
Restarting php-fpm74.
Defaulting to Comodo WAF SecDefaultAction...
Restarting apache.
 
If you have IPv6 in DNS but do not have it in a webserver, then:

- You either use remote nameservers, which are not in sync with DirectAdmin, or added IPv6 in DNS manually.
- IPv6 might be missing in a webserver when no IPv6 is added in DirectAdmin at admin level.

So you might need to add an IPv6 in DirectAdmin and link it to IPv4: Admin Level -> IP Manager -> click the IP -> link IP

Related:

- https://docs.directadmin.com/directadmin/general-usage/managing-ips.html#ipv6-how-to
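
The mismatch described in the last reply (an IPv6 address in DNS that the web server has no listener for) matters here because Let's Encrypt prefers the AAAA record when a domain has both. The check below is an added example, not code from the thread or from DirectAdmin; it assumes Apache-style VirtualHost blocks, and the function names, sample config, domains and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample: example.com is bound to IPv4 only, example.org to both.
SAMPLE_VHOSTS = """
<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
    ServerAlias example.com
</VirtualHost>
<VirtualHost 192.0.2.10:80 [2001:db8::242]:80>
    ServerName www.example.org
    ServerAlias example.org
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)


def split_listener(token):
    """Split one <VirtualHost> address token into (host, port); port '*' = any."""
    if token.startswith("["):                      # bracketed IPv6, optional :port
        host, _, rest = token[1:].partition("]")
        return host, rest.lstrip(":") or "*"
    if ":" in token:
        host, _, port = token.rpartition(":")
        return host, port
    return token, "*"


def missing_listeners(conf_text, domain, dns_addrs, port="80"):
    """Return the DNS addresses of `domain` that none of its vhosts listen on."""
    bound = set()
    for spec, body in VHOST_RE.findall(conf_text):
        names = {n.lower() for line in NAME_RE.findall(body) for n in line.split()}
        if domain.lower() not in names:
            continue
        for token in spec.split():
            host, p = split_listener(token)
            if p not in ("*", port):
                continue
            if host in ("*", "_default_"):
                return []                          # wildcard vhost covers every address
            try:
                bound.add(ipaddress.ip_address(host))
            except ValueError:
                pass                               # hostname in the vhost line: skipped
    return [a for a in dns_addrs if ipaddress.ip_address(a) not in bound]
```

A non-empty result for a newly added domain, which becomes empty after ./build rewrite_confs, would point to the vhost being written without the linked IPv6 address at creation time.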
 