Author Topic: AUTOSLL problem fixed by disabling IPV6  (Read 3282 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
AUTOSLL problem fixed by disabling IPV6
« on: February 15, 2022, 06:20:05 AM »
If you are having issues with with AutoSSL installing this may work for you.

Some of my sites would get the SSL and others would not, my hostname refused to install. My log would show

[Mon Feb 14 21:33:00 PST 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Feb 14 21:33:00 PST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Feb 14 21:34:19 PST 2022] _ret='0'
[Mon Feb 14 21:34:19 PST 2022] code='400'
[Mon Feb 14 21:34:19 PST 2022] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Feb 14 21:34:20 PST 2022] HEAD
[Mon Feb 14 21:34:20 PST 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Feb 14 21:34:20 PST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Mon Feb 14 21:35:08 PST 2022] _ret='0'
[Mon Feb 14 21:35:08 PST 2022] code='400'
[Mon Feb 14 21:35:08 PST 2022] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Feb 14 21:35:09 PST 2022] HEAD
[Mon Feb 14 21:35:09 PST 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Feb 14 21:35:09 PST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Mon Feb 14 21:36:28 PST 2022] _ret='0'
[Mon Feb 14 21:36:28 PST 2022] POST

After trying some curl commands nothing would happen and it would try to connect using an IPV6 address.

Using this guys steps I disabled IPV6 (https://www.unixmen.com/disable-ipv6-centos-7/) and I was immediately able to connect via CURL after trying a few via CLI.

After going back into CWP and hitting change hostname it installed almost immediately. Problem solved for me! I have been batteling this for over a week many hours a day. In hope this helps you below are the commands from the link above.

Code: [Select]
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

or,

Code: [Select]
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

Edit /etc/ssh/sshd_config file,

Code: [Select]
vi /etc/ssh/sshd_config
Find the line;

Code: [Select]
#AddressFamily any
And. change it to:

Code: [Select]
AddressFamily inet
Hope this helps you.

Offline
*
Re: AUTOSLL problem fixed by disabling IPV6
« Reply #1 on: March 01, 2022, 05:38:55 PM »
Seems like the above procedure resets back to enabling IPV6 at reboot. The process below seems to make in permanent.

Post describes procedure to disable IPv6 on CentOS/RHEL 7. There are 2 ways to do this :
1. Disable IPv6 in kernel module (requires reboot)
2. Disable IPv6 using sysctl settings (no reboot required)

To verify if IPv6 is enabled or not, execute :

# ifconfig -a | grep inet6
        inet6 fe80::211:aff:fe6a:9de4  prefixlen 64  scopeid 0x20
        inet6 ::1  prefixlen 128  scopeid 0x10[host]

1. Disable IPv6 in kernel module (requires reboot)

1. Edit /etc/default/grub and add ipv6.disable=1 in line GRUB_CMDLINE_LINUX, e.g.:

# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

2. Regenerate a GRUB configuration file and overwrite existing one:

# grub2-mkconfig -o /boot/grub2/grub.cfg

3. Restart system and verify no line “inet6” in “ip addr show” command output.

# shutdown -r now

# ip addr show | grep net6

2. Disable IPv6 using sysctl settings (no reboot required)

1. Append below lines in /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

NOTE : To disable IPv6 on a single interface add below lines to /etc/sysctl.conf :
net.ipv6.conf.[interface].disable_ipv6 = 1 ### put interface name here [interface]
net.ipv6.conf.default.disable_ipv6 = 1


Offline
***
Re: AUTOSLL problem fixed by disabling IPV6
« Reply #2 on: March 01, 2022, 10:59:51 PM »
I dont know how you complicated the method of disabling IPv6, but here's how you do it easily and fast:

- Edit your network adapter settings (check adapter name with ifconfig)
/etc/sysconfig/network-scripts/ifcfg-****
Change to IPV6INIT=no

- Disable ipv6 for named if you are running a DNS server
/etc/sysconfig/named
add this: OPTIONS="-4"

- Edit this:
/etc/sysctl.conf
add this:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

and then restart server anyways