SSL/SNI over IPv6

[enbystander]

Hi all,

I am currently testing DirectAdmin to see if it would be better for my current purposes than what I am using and I am having a dealbreaking issue at the moment.

When I use LetsEncrypt and install the certificate on a domain name, the IPv4 address works fine with SSL but the IPv6 connection still uses the hostname, the IPv6 is linked to the IPv4 and I have even tried adding it as an extra to the account.

I tried googling but couldn't find anything - I have done rewrite_confs, etc - all not fixed the issue.

Any clue?

 

[factor]

So you did all of this yes?

https://help.directadmin.com/item.php?id=353

Do you have AAAA records setup?

 

[enbystander]

First thing I did. I do have AAAA records set up.

I ended up giving up with binding IPs and just assigned the users that I wanted to run on v6 the addresses manually. Not ideal - but it works.

 

[dfz]

First thing I did. I do have AAAA records set up.

I ended up giving up with binding IPs and just assigned the users that I wanted to run on v6 the addresses manually. Not ideal - but it works.

Hi @enbystander, I have ran into the same issue as well. I however still use DirectAdmin, the major problem with this is that if you host a new site for your client and they access it via their cellphone/mobile most cell providers now support IPv6 and they link to the site via ipv6 instead of ipv4.

This will result in getting the dreaded SSL certificate error message, followed by a support ticket or a phone call from the client. The issue surfaces both on their website and Webmail link. So what I do is just disable ipv6 for them, and only set it up if the client needs it/requests it.

I still use IPv6 on my servers but planning on ditching it since I have more than one IPv6 address per box and have to constantly juggle them so that exim sends e-mail outbound on the one that has PTR records... between this issue with SSL certs and Exim i will probably ditch IPv6 all together soon.