Hello,
I have the problem that ACME does not recognise my IPv6 address:
acme-mailcow_1 | Sun Jan 31 15:12:27 CET 2021 - Waiting for containers to settle...
acme-mailcow_1 | Sun Jan 31 15:12:37 CET 2021 - Certificates were successfully renewed where required, sleeping for another day.
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Waiting for Docker API...
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Docker API OK
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Waiting for Postfix...
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Postfix OK
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Waiting for Dovecot...
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Dovecot OK
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Waiting for database...
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Database OK
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Waiting for Nginx...
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Nginx OK
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Waiting for resolver...
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Resolver OK
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Waiting for domain table...
acme-mailcow_1 | OK
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Initializing, please wait...
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Using existing domain rsa key /var/lib/acme/acme/key.pem
acme-mailcow_1 | Sun Jan 31 15:13:44 CET 2021 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
acme-mailcow_1 | Sun Jan 31 15:13:45 CET 2021 - Detecting IP addresses...
acme-mailcow_1 | Sun Jan 31 15:14:21 CET 2021 - OK: xxx.xxx.xxx.xxx, 0000:0000:0000:0000:0000:0000:0000:0000
My ip6tables rules:
ip6tables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER-USER
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-A INPUT -p tcp -m tcp --dport 57462 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o br-mailcow -j DOCKER
-A FORWARD -o br-mailcow -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-mailcow ! -o br-mailcow -j ACCEPT
-A FORWARD -i br-mailcow -o br-mailcow -j ACCEPT
-A DOCKER-USER -j RETURN
-A DOCKER -d fd4d:6169:6c63:6f77::11/128 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 993 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::11/128 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 995 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::11/128 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 110 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::11/128 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 143 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::11/128 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 4190 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::12/128 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 25 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::12/128 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 465 -j ACCEPT
-A DOCKER -d fd4d:6169:6c63:6f77::12/128 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 587 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i br-mailcow ! -o br-mailcow -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o br-mailcow -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
If I change -P INPUT DROP to -P INPUT ACCEPT, ACME works without problems. So I assume that a firewall rule is missing.
Can anyone tell me what it is and why it is not in the iptables by default?
Thank you very much.
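
Added example, not part of the original post: a Python check run over the policy and INPUT lines of the ruleset posted above, reporting which ICMPv6 Neighbor Discovery types (133-136) no INPUT rule accepts while the policy is DROP. IPv6 depends on these messages for address resolution and router discovery, so this is one thing to verify in a default-drop ruleset; the page does not confirm it as the cause here. The name `audit_input` and the simplified matching are assumptions of this example.

```python
import shlex

# Constructed sample: the policy and INPUT lines of the ruleset posted above.
POSTED_RULES = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 57462 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
"""

# ICMPv6 Neighbor Discovery message types (RFC 4861), by number and ip6tables name.
ND_TYPES = {"133": "router-solicitation", "134": "router-advertisement",
            "135": "neighbour-solicitation", "136": "neighbour-advertisement"}
ICMP6_PROTOS = {"ipv6-icmp", "icmpv6", "58"}
PLAIN_OPTS = {"-p", "-m", "--icmpv6-type", "-j"}

def audit_input(rules_text):
    """Return (INPUT policy, ND type names that no INPUT rule accepts).

    Simplified: rule order is not evaluated, and rules carrying extra matches
    (-i, -s, state, negation, ...) are not counted as general ND coverage.
    """
    policy, accepted = None, set()
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"] or "!" in tok:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # -S output is option/value pairs
        if set(opts) - PLAIN_OPTS or opts.get("-j") != "ACCEPT":
            continue
        if opts.get("-p") not in ICMP6_PROTOS | {None}:
            continue
        wanted = opts.get("--icmpv6-type")
        if wanted is None:
            accepted |= set(ND_TYPES)  # any ICMPv6 type (or any protocol) accepted
        else:
            t = wanted.split("/")[0].replace("neighbor", "neighbour")
            accepted |= {n for n, name in ND_TYPES.items() if t in (n, name)}
    if policy == "ACCEPT":
        return policy, []
    return policy, [name for n, name in sorted(ND_TYPES.items()) if n not in accepted]
```

On the host, the text passed to `audit_input` would be the output of `ip6tables -S`.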