pfSense bugtracker https://redmine.pfsense.org/ 2017-05-04T02:51:10Z
pfSense Packages - Feature #7519: Add support for --listen-v6 to ACME standalone webserver
https://redmine.pfsense.org/issues/7519?journal_id=32689 2017-05-04T02:51:10Z Jim Thompson jim@netgate.com
<ul><li><strong>Assignee</strong> set to <i>Jim Pingle</i></li></ul>
https://redmine.pfsense.org/issues/7519?journal_id=32690 2017-05-04T02:51:37Z Jim Thompson jim@netgate.com
<ul><li><strong>Category</strong> set to <i>ACME</i></li></ul>
https://redmine.pfsense.org/issues/7519?journal_id=35228 2017-11-25T08:18:27Z Pim Pish jochen@winteltosh.de
<p>The acme.sh script also knows the <em>ncaddr</em> variable. If it is set to a specific IPv6 address, all works, so no modifications to the script should be necessary. Just mentioning as it might be another way of approaching this while the script seems already to be IPv6 capable.</p>
https://redmine.pfsense.org/issues/7519?journal_id=35230 2017-11-25T22:34:16Z Michael Duller
<p>Pim, thanks for the info about <code>ncaddr</code>. My request was not about the script itself but about the UI, to provide an option in the UI that passes "--listen-v6" or the "ncaddr", for example.</p>
https://redmine.pfsense.org/issues/7519?journal_id=35243 2017-11-28T03:10:12Z David Summers
<p>+1</p>
<p>I just ran into this today. I tried to get the Let's Encrypt working. I only have an IPv6 DNS name associated with this pfSense router.</p>
<p>I found out that the ACME script seems to only listen on the IPv4 address. If there could be either a way to force IPv6 (--listen-ipv6) or give the specific address to listen on then that should fix the issue.</p>
<p>I had to hack the script to add the --listen-ipv6 option and then everything worked great.</p>
<p>Other than that one problem, the whole ACME / Let's Encrypt seems to work great on pfSense.</p>
<p>Thanks!</p>
https://redmine.pfsense.org/issues/7519?journal_id=35510 2018-01-04T18:43:37Z Chaos215 Bar2
<p>Another +1.</p>
<p>I'm using HAProxy to allow multiple hosts behind a router to issue Let's Encrypt certificates, using HTTP verification with traffic routed based on domain. I literally spent hours trying to figure out why this wasn't working with the HAProxy backend sending traffic to localhost. Turns out, the problem was simply that HAProxy was trying to open a connection to ::1, and Acme wasn't listening for IPv6 connections.</p>
<p>Looks like Let's Encrypt does support IPv6 (<a class="external" href="https://letsencrypt.org/2016/07/26/full-ipv6-support.html">https://letsencrypt.org/2016/07/26/full-ipv6-support.html</a>), so this has the potential to affect even much more straightforward setups.</p>
https://redmine.pfsense.org/issues/7519?journal_id=35514 2018-01-05T11:02:30Z Jim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Resolved</i></li></ul><p>This is implemented in the ACME package version 0.1.33. For HTTP and TLS standalone entries there is now a checkbox to bind to IPv6 instead of IPv4. The acme.sh script doesn't support both at the moment, so it can only bind to v4 (current default and what you get when the box is unchecked) or IPv6 (check the box).</p>
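<p>Added example, not part of the ticket and not code from acme.sh or the pfSense ACME package: a loopback check that reproduces the failure reported above, where a proxy connecting to ::1 gets no answer from a listener bound to IPv4 only. The function names are hypothetical, the ports are ephemeral, and the dual-stack case goes beyond the thread to show plain socket behaviour, not anything acme.sh does.</p>

```python
import socket

# Loopback addresses a local reverse proxy may pick for "localhost".
LOOPBACKS = {"127.0.0.1": socket.AF_INET, "::1": socket.AF_INET6}

def open_listener(bind_addr, dual_stack=False):
    """Listen on an ephemeral port; return None if the address family is unavailable."""
    family = socket.AF_INET6 if ":" in bind_addr else socket.AF_INET
    try:
        srv = socket.socket(family, socket.SOCK_STREAM)
    except OSError:
        return None
    try:
        if family == socket.AF_INET6:
            # V6ONLY=1 is a pure IPv6 bind; 0 also accepts IPv4-mapped peers.
            srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY,
                           0 if dual_stack else 1)
        srv.bind((bind_addr, 0))
        srv.listen(4)
        return srv
    except OSError:
        srv.close()
        return None

def can_connect(addr, port, timeout=1.0):
    """True if a TCP handshake to addr:port completes."""
    try:
        with socket.socket(LOOPBACKS[addr], socket.SOCK_STREAM) as c:
            c.settimeout(timeout)
            c.connect((addr, port))
            return True
    except OSError:
        return False

def reachability(bind_addr, dual_stack=False):
    """Map each loopback address to whether the listener answers on it."""
    srv = open_listener(bind_addr, dual_stack)
    if srv is None:
        return None
    try:
        port = srv.getsockname()[1]
        return {addr: can_connect(addr, port) for addr in LOOPBACKS}
    finally:
        srv.close()

if __name__ == "__main__":
    cases = [("IPv4 only", ("127.0.0.1",)), ("IPv6 only", ("::1",)),
             ("dual stack", ("::", True))]
    for label, args in cases:
        print(f"{label:10s} -> {reachability(*args)}")
```

<p>A result of <code>None</code> means the host could not bind that address family at all, which is itself worth knowing before enabling the IPv6 checkbox.</p>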