Symptoms
You may receive one of the following errors when running AutoSSL where "IPv6_address" is an actual IPv6 address:
Local HTTP DCV error (exampledomain.tld): The system failed to fetch the DCV (Domain
ControlValidation) file at “http://exampledomain.tld/.well-known/pki-validation/dcvfile.txt”
because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET”
request to “http://exampledomain.tld/.well-known/pki-validation/dcvfile.txt” because of an error:
Could not connect to 'exampledomain.tld:80': Network is unreachable. The domain
“exampledomain.tld” resolved to an IP address “IPv6_address” that does not exist on this server.
Or:
WARN Local HTTP DCV error (exampledomain.tld): The system failed to fetch the DCV (Domain
ControlValidation) file at “http://exampledomain.tld/.well-known/pki-validation/dcvfile.txt”
because of an error (cached): Could not connect to 'IPv6_address:80':
Network is unreachable.
Description
A domain may resolve to an IPv6 address that does not exist on the server and an IPv4 address that does exist on the server. Most certificate authorities, including those used by AutoSSL, will not fall back to IPv4 during HTTP DCV checks when IPv6 fails.
For AutoSSL to request an SSL certificate for a domain, the domain must either resolve to an IPv6 address that exists on the server or resolve only to an IPv4 address that exists on the server.
Workaround
Option 1: Ensure the domain resolves to an IPv6 address on the server and rerun AutoSSL.
Option 2: If the domain resolves to an IPv4 address that does exist on the server, remove or disable the AAAA DNS record being used to point the domain to an IPv6 address and rerun AutoSSL.
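A pre-check for the condition described above, as an added example that is not cPanel's own code: it compares a domain's A and AAAA records with the addresses bound to the server and reports which workaround applies. The function names, the trimmed `ip -o addr show` sample and the documentation-range addresses are constructed for illustration, and the check assumes the server's public addresses are bound directly to its interfaces (no NAT).

```python
import ipaddress

# Constructed, trimmed sample of `ip -o addr show` output (documentation addresses).
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
2: eth0    inet6 2001:db8:0:1::10/64 scope global
2: eth0    inet6 fe80::1/64 scope link
"""


def local_addresses(ip_output):
    """Parse `ip -o addr show` text into a set of ipaddress objects."""
    addrs = set()
    for line in ip_output.splitlines():
        fields = line.split()
        # Field 2 is the family, field 3 is address/prefix.
        if len(fields) >= 4 and fields[2] in ("inet", "inet6"):
            addrs.add(ipaddress.ip_interface(fields[3]).ip)
    return addrs


def autossl_dcv_check(a_records, aaaa_records, local):
    """Return (ok, reason) following the rule in the Description section."""
    # Parsing through ipaddress normalises zero-padded or compressed IPv6 text.
    v4 = [ipaddress.ip_address(r) for r in a_records]
    v6 = [ipaddress.ip_address(r) for r in aaaa_records]
    if v6:
        # The CA validates over IPv6 and will not fall back to IPv4.
        stray = [str(a) for a in v6 if a not in local]
        if stray:
            fix = "remove the AAAA record" if any(a in local for a in v4) \
                else "point the domain at this server"
            return False, "AAAA not on this server: %s; %s" % (", ".join(stray), fix)
        return True, "AAAA record(s) exist on this server"
    stray = [str(a) for a in v4 if a not in local]
    if stray or not v4:
        return False, "no A record on this server: %s" % (", ".join(stray) or "none")
    return True, "resolves only to IPv4 on this server"


if __name__ == "__main__":
    local = local_addresses(SAMPLE_IP_OUTPUT)
    # Constructed case matching the Symptoms: local A record, stray AAAA record.
    print(autossl_dcv_check(["192.0.2.10"], ["2001:db8:ffff::1"], local))
```

On a live server, pass the output of `ip -o addr show` and the records returned by `dig +short A` and `dig +short AAAA` for the domain.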