pfSense » pfSense Packages

The acme.sh script also knows the ncaddr variable. If it is set to a specific IPv6 address all works so no modifications to the script should be necessary. Just mentioning as it might be another way of approaching this while the script seems already to be IPv6 capable.

Pim, thanks for the info about ncaddr. My request was not about the script itself but about the UI, to provide a an option in the UI that passes "--listen-v6" or the "ncaddr", for example.

+1

I just ran into this today. I tried to get the Lets Encrypt working. I only have an IPv6 DNS name associated with this pfsense router.

I found out that the ACME script seems to only listen on the IPv4 address. If there could be either a way to force IPv6 (--listen-ipv6) or give the specific address to listen on then that should fix the issue.

I had to hack the script to add the --listen-ipv6 option and then everything worked great.

Other than that one problem, the whole ACME / Let's Encrypt seems to work great on PfSense.

Thanks!

Another +1.

I'm using HAProxy to allow multiple hosts behind a router to issue Let's Encrypt certificates, using HTTP verification with traffic routed based on domain. I literally spent hours trying to figure out why this wasn't working with the HAProxy backend sending traffic to localhost. Turns out, the problem was simply that HAProxy was trying to open a connection to ::1, and Acme wasn't listening for IPv6 connections.

Looks like Let's Encrypt does support IPv6 [[https://letsencrypt.org/2016/07/26/full-ipv6-support.html]], so this has the potential to affect even much more straightforward setups.