Introduction
Often, cPanel utilities such as AutoSSL end up failing due to IPv6 networking issues on the server. It is possible to determine whether IPv6 is enabled on your host and also if your host is able to make outbound connections via IPv6.
Procedure
One of the most common reasons to suspect IPv6 issues is when you are running AutoSSL for a user and run into errors like this.
[root@host:~[oot@host ~]cPs# /usr/local/cpanel/bin/autossl_check --user=cpaneluser
...
[1602627070] libunbound[22761:0] info: error sending query to auth server 2001:7fe::53 port 53
[1602627070] libunbound[22761:0] info: resolving dns4.p01.nsone.net. A IN
[1602627070] libunbound[22761:0] info: error sending query to auth server 2001:dc3::35 port 53
[1602627070] libunbound[22761:0] info: error sending query to auth server 2001:503:c27::2:30 port 53
[1602627070] libunbound[22761:0] info: resolving dns4.p01.nsone.net. AAAA IN
[1602627070] libunbound[22761:0] info: resolving dns3.p01.nsone.net. A IN
[1602627070] libunbound[22761:0] info: error sending query to auth server 2001:7fd::1 port 53
[1602627070] libunbound[22761:0] info: error sending query to auth server 2001:500:12::d0d port 53
[1602627070] libunbound[22761:0] info: error sending query to auth server 2001:500:a8::e port 53
[1602627070] libunbound[22761:0] info: response for dns3.p01.nsone.net. A IN
[1602627070] libunbound[22761:0] info: reply from <.> 123.123#53
First, we want to ensure that IPv6 support is enabled on your server by checking the /proc/net/if_inet6 file.
[root@cltest ~]# cat /proc/net/if_inet6
00000000000000000000000000000001 01 80 10 80 lo
2620000028a4a05cf8163efffe02812f 02 40 00 00 eth0
fe80000000000000f8163efffe02812f 02 40 20 80 eth0
If you run this command and get a "No such file or directory" error for the if_inet6 file, it is likely that IPv6 support is not configured on your host and you will want to reach out to your networking administrator. However, if IPv6 support is enabled, we need to ensure that your server's networking and firewall are configured to allow outbound connections via IPv6.
The first test we can initiate is to simply ping a domain like google.com over IPv6 to see if we get a response back. If your server cannot connect to IPv6 addresses, you will see 100% packet loss or a "Network is unreachable error".
[root@host ~]cPs# ping6 google.com
connect: Network is unreachable
When configured properly, the ping will be successful.
-bash-4.2# ping6 google.com
PING google.com(dfw25s16-in-x0e.1e100.net (2607:f8b0:4000:80f::200e)) 56 data bytes
64 bytes from dfw25s16-in-x0e.1e100.net (2607:f8b0:4000:80f::200e): icmp_seq=1 ttl=114 time=17.4 ms
64 bytes from dfw25s16-in-x0e.1e100.net (2607:f8b0:4000:80f::200e): icmp_seq=2 ttl=114 time=21.4 ms
You can also use the cpdig tool to look for IPv6 issues. This would be common when troubleshooting AutoSSL issues as well. We have an article written regarding this process.
How to diagnose AutoSSL issues using /scripts/cpdig
For more information on IPv6 administration, I would highly recommend the following document.
Comments
0 comments
Article is closed for comments.