Not Able to Generate Certs Due to IPv6 Subnet

[netlander]

Using a vanilla three container solutions with Whoami for testing, nothing custom.

The only thing that's causing this issue is an AWS EC2 instance running inside an IPv6 only PVC, meaning no public IPv4. Running this same vanilla test on a dual stack VPC runs absolutely fine.

Here is the error:

Can not init api for: https://acme-v02.api.letsencrypt.org/directory.

Then times out and tries again a minute later with the same result.

Is there a setting I need to change to get acme-companion to successfully access the api endpoint and generate the necessary certs?

[rosalesponcer]

Hi, I had the same setup (EC2 with IPv6 only) and managed to solve it. In my case, the issue was that Docker, by default, creates networks with IPv4 support only.

If you're using a custom network for the containers you're running, make sure that network is enabled to support IPv6 (it’s disabled by default). To check if your container’s network has IPv6 support, you can run the following command:

docker network inspect [netwok_name]

In the output, you should see the property:

"EnableIPv6": true

If IPv6 is not enabled, you can follow Docker's official guide to configure it. Here’s the link:

IPv6 Configuration in Docker

In my case, I used the configuration through the daemon.json file. Depending on your needs, you can choose the option that works best for you.