Our Let’s Encrypt certificate failed to renew today. It was because the server is not responding on IPv6. For now we fixed it by removing the IPv6 entry from the DNS.
I guess this was working before, but I don’t really know. I’m not sure what to check here. Any pointers?
The firewall seems ok:
$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
[...]
80 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
But it’s only listening on IPv4:
$ ss -tulpn | grep -e 80 -e 443
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
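The check done by eye above can be scripted so it also covers other ports: the following is an added example, not part of the original post, that lists TCP ports with an IPv4 listener but no IPv6-capable one. The function names `v4_only_ports` and `sample_output` are hypothetical, and the sample input is constructed to resemble the `ss -tulpn` output shown in the post.

```shell
#!/bin/sh
# Print TCP ports that have an IPv4 listener but no IPv6-capable listener.
# Input on stdin: lines in `ss -tulpn` format
# (Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port ...).
v4_only_ports() {
    awk '
        $2 != "LISTEN" { next }        # skip the header and UDP (UNCONN) rows
        {
            addr = $5
            port = addr
            sub(/^.*:/, "", port)      # text after the last colon is the port
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # "[::]" or "[2001:db8::1]" is an IPv6 bind; recent ss versions
            # print a dual-stack wildcard socket as "*".
            if (host ~ /^\[/ || host == "*") v6[port] = 1
            else v4[port] = 1
        }
        END {
            for (p in v4) if (!(p in v6)) print p
        }
    ' | sort -n
}

# Constructed sample: ports 80 and 443 bound on IPv4 only (as in the post),
# port 22 bound on both families, port 8080 bound as a dual-stack wildcard.
sample_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      128    *:8080             *:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
EOF
}

sample_output | v4_only_ports
```

On a live host the same function reads real data with `ss -tulpn | v4_only_ports`; any port it prints is unreachable over IPv6 regardless of what the firewall allows.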