On Mon, Sep 23, 2019 at 05:13:10PM +0300, [email protected] wrote:
> >Synopsis: acme-client does not work on IPv6-only host
> >Category:
> >Environment:
>     System      : OpenBSD 6.5
>     Details     : OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019
>
>     [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
>     Architecture: OpenBSD.amd64
>     Machine     : amd64
> >Description:
>     I have an IPv6-only host, which requires a TLS certificate.
>     The host has no assigned addresses.
>     Running `doas acme-client -vv <my.hostname.tld>` gives such output
>     acme-client: /etc/ssl/private/<my.hostname.tld>.key: loaded RSA domain key
>     acme-client: /etc/acme/letsencrypt-privkey.pem: loaded RSA account key
>     acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
>     acme-client: acme-v01.api.letsencrypt.org: DNS: 23.32.101.137
>     acme-client: 23.32.101.137: connect: Can't assign requested address
>     acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm
>     acme-client: bad exit: netproc(90892): 1
>
>     According to tcpdump acme-client requests A and AAAA DNS records for
>     acme-v01.api.letsencrypt.org and then tries to connect to IPv4 address.
>
> >How-To-Repeat:
>     Use acme-client on IPv6-only host.
> >Fix:
>     Not known.

Adding family inet6 inet4 to /etc/resolv.conf is probably your best bet.
That has a good chance of also fixing other programs.
We should probably look at adding AI_ADDRCONFIG to getaddrinfo calls, but
that's more involved and a long-term project.

--
I'm not entirely sure you are real.
