Problems with AutoSSL IPv6 connection

Peter Horvath

• January 04, 2022 10:46

Hi, Since a while I see the next warning messages in some cPanel AutoSSL renewal sections: "DNS DCV: No local authority: "mail.vadasmihaly.com"; HTTP DCV: The system failed to fetch the DCV (Domain Control Validation) file at " because of an error (cached): Could not connect to '2606:4700:3033:0000:0000:0000:ac43:9fae:80': Address family for hostname not supported." or " DNS DCV: No local authority: "mail.yangfamilytaichi.hu"; HTTP DCV: The system failed to fetch the DCV (Domain Control Validation) file at " because of an error (cached): Could not connect to '2606:4700:3030:0000:0000:0000:6815:0ba0:80': Address family for hostname not supported." I have absolutely no any idea what does it mean? On our VPS there is no such IPv6, so I don't recognize the source of these issues at all. The domain existing with CloudFlare free settings, however it were no any problems until the last few weeks. Have you any suggestion how to solve this issue? Thank you! Best regards, Peter

• 

  andrew.n

  • January 04, 2022 17:09

  I'm happy to see a fellow hungarian here :) I'm pretty sure you have IPV6 enabled on the server. Can you run the following commands there? ip a cat /etc/resolv.conf cat /etc/sysconfig/network and paste here the output.

  0
• 

  cPanelAnthony

  • January 04, 2022 22:08

  Hello! I wrote an article regarding IPv6 issues and how to troubleshoot them. Can you let me know if this helps?

  0
• 

  Peter Horvath

  • January 05, 2022 04:51

  I'm happy to see a fellow hungarian here :) I'm pretty sure you have IPV6 enabled on the server. Can you run the following commands there? ip a cat /etc/resolv.conf cat /etc/sysconfig/network and paste here the output.

  
  Hi andrew.n, thank you for your recognition being a Hungarian. :) Here are the outputs: [root@szangye ~]# ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:50:56:43:ad:27 brd ff:ff:ff:ff:ff:ff inet 161.97.184.109/22 brd 161.97.187.255 scope global eth0 valid_lft forever preferred_lft forever inet 109.205.177.1/22 brd 109.205.179.255 scope global eth0:cp1 valid_lft forever preferred_lft forever [root@szangye ~]# cat /etc/resolv.conf search invalid nameserver 213.136.95.10 nameserver 213.136.95.11 [root@szangye ~]# cat /etc/sysconfig/network HOSTNAME=szangye.hostingnetwork2.eu DOMAINNAME=hostingnetwork2.eu Additionally, sure, I have an IPv6 address pool for this VPS, however I never activated it. In the meantime, however, it turned out that the root of the problem was in CloudFlare, I tried quite a few things, but the solution for the time being was to temporarily disable CloudFlare on the affected domains. So all AutoSSL updates ran. In the WHM I switched the SSL installations from Sectigo to Let's Encrypt, as I read in several articles that CF redirects are handled by this, not by Sectigo, but this did not yield any results. This is where I am now.

  0
• 

  Peter Horvath

  • January 05, 2022 04:58

  Hello! I wrote an article regarding IPv6 issues and how to troubleshoot them. Can you let me know if this helps?

  0
• 

  cPanelAnthony

  • January 05, 2022 22:30

  Hello! It definitely looks like there are some IPv6 issues here. Would it be possible to reach out to a systems administrator to troubleshoot?

  0
• 

  andrew.n

  • January 06, 2022 16:56

  Hey Peter, looks like you got it figured but if you still having issues feel free to drop me an email or

  0
• 

  WorkinOnIt

  • April 26, 2022 05:14

  Is there a way to avoid the Auto SSL using IPV6? We have IPV6 disabled on our VPS

  0
• 

  cPRex Jurassic Moderator

  • April 26, 2022 15:32

  @WorkinOnIt - did the article that Anthony posted not help with the situation?

  0
• 

  WorkinOnIt

  • April 29, 2022 02:27

  @WorkinOnIt - did the article that Anthony posted not help with the situation?

  
  Are you referring to this one: [QUOTE]Hello! I wrote an article regarding IPv6 issues and how to troubleshoot them. Can you let me know if this helps? www.domain.com"; HTTP DCV: The system failed to fetch the DCV (Domain Control Validation) file at "Website Domain Names, Online Stores & Hosting - Domain.com because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) "GET" request to "Website Domain Names, Online Stores & Hosting - Domain.com because of an error: Could not connect to 'www.domain.com" resolved to an IP address "2606:4700:3035:0000:0000:0000:ac43:97a3" that does not exist on this server. EDIT: Curiously, I find that if I delete the SSL Hosts certificate for the domain - then try again with Let's Encrypt - it actually renews the subdomain now..... but how frustrating to need to do that each time!

  0
• 

  cPRex Jurassic Moderator

  • April 29, 2022 14:17

  Just for fun, what is the output of "route -n" on your system? Just make sure to obscure the IP addresses, but I"m interested to see if there are any IPv6 routes configured.

  0
• 

  WorkinOnIt

  • April 29, 2022 22:37

  @cPRex this is what I see [root@ rb#3 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 45.##.##.# 0.0.0.0 UG 0 0 0 eth0 45.##.##.# 0.0.0.0 255.##.##.# U 0 0 0 eth0 149.##.###.# 0.0.0.0 255.##.##.# U 0 0 0 eth0 169.###.#.# 0.0.0.0 255.##.##.# U 0 0 0 eth0 169.###.#.# 0.0.0.0 255.##.##.# U 1002 0 0 eth0

  0
• 

  cPRex Jurassic Moderator

  • May 02, 2022 15:01

  Thanks for that - I really don't have a good explanation why that particular machine would be pulling an IPv6 address for AutoSSL. Could you submit a ticket to our support team so we can check that directly on the system?

  0

Please sign in to leave a comment.