Start cooking with a Pi on IP mark 4

I have had a problem with an SD card on a Raspberry Pi, so I thought I’d start again.
Install Buster on the Pi, then install Sympl, then create a website.
The problem comes there. When I run sudo sympl-ssl it tells me “Applying IPv6 only workaround…” and then I’m stuck.
My network connection has no IPv6. Why can’t it use IPv4?
There is DDNS pointing to my external IP but of course that changes from time to time.
I think I must have missed a step out, but where?

“Applying IPv6 only workaround…” is part of the wrapper script for the current sympl-ssl to handle IPv6 only environments, and does a dig lookup for the Let’s Encrypt endpoint and temporarily inserts it into /etc/hosts, as the old Ruby libraries it uses fall over in v6 only.

If it’s stalling at that point, check DNS resolution is properly configured for the host.

“check DNS resolution is properly configured for the host”
How?

sympl@raspberrypi:~ $ sudo ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.19 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::b50:c7ac:1d5b:1911 prefixlen 64 scopeid 0x20
ether dc:a6:32:3d:e7:b4 txqueuelen 1000 (Ethernet)
RX packets 2540 bytes 1948263 (1.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1482 bytes 126020 (123.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 352 bytes 35432 (34.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 352 bytes 35432 (34.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether dc:a6:32:3d:e7:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

is what I get, but is it correct?

sympl@raspberrypi:~ $ ping sympl.host
PING sympl.host (46.235.231.141) 56(84) bytes of data.
64 bytes from sympl.vs.mythic-beasts.com (46.235.231.141): icmp_seq=1 ttl=49 time=65.3 ms
64 bytes from sympl.vs.mythic-beasts.com (46.235.231.141): icmp_seq=2 ttl=49 time=65.4 ms

suggests that DNS is working

sympl@raspberrypi:~ $ ping letsencrypt.org
PING letsencrypt.org (167.99.137.12) 56(84) bytes of data.

even for that address

but not for this

sympl@raspberrypi:~ $ ping acme-v02.api.letsencrypt.org
connect: Network is unreachable

yet the address is
sympl@raspberrypi:~ $ ping 172.65.32.248
PING 172.65.32.248 (172.65.32.248) 56(84) bytes of data.
64 bytes from 172.65.32.248: icmp_seq=1 ttl=52 time=82.4 ms

DHCP seems to be running:
sympl@raspberrypi:~ $ sudo service --status-all
[ - ] alsa-utils
[ - ] apache-htcacheclean
[ + ] apache2
[ + ] avahi-daemon
[ + ] bluetooth
[ - ] clamav-daemon
[ - ] clamav-freshclam
[ - ] console-setup.sh
[ + ] cron
[ + ] dbus
[ + ] dhcpcd
[ + ] dovecot
[ + ] dphys-swapfile
[ + ] exim4
[ + ] fake-hwclock
[ - ] hwclock.sh
[ - ] keyboard-setup.sh
[ + ] kmod
[ + ] mysql
[ + ] networking
[ - ] nfs-common
[ + ] openbsd-inetd
[ - ] paxctld
[ + ] procps
[ + ] pure-authd
[ + ] pure-ftpd
[ + ] raspi-config
[ ? ] rng-tools
[ - ] rpcbind
[ - ] rsync
[ + ] rsyslog
[ - ] screen-cleanup
[ - ] smartmontools
[ - ] spamassassin
[ + ] ssh
[ - ] sudo
[ - ] sympl-core
[ + ] sympl-mail-dict-proxy
[ + ] sympl-mail-poppassd
[ + ] triggerhappy
[ + ] udev
[ + ] unattended-upgrades

That’s your problem, and unfortunately not something Sympl related (at least directly).

It may be LE are blocking your network (too many failed queries), or the ISP is, or something else - you should be able to use mtr though to diagnose it and find out where it is getting blocked.

Although mtr works for other destinations, I get
sudo mtr acme-v02.api.letsencrypt.org
mtr: udp socket connect failed: Network is unreachable

The one advantage of this slow connection is that I’m pretty sure the failure is too quick to be remote!

Interesting: same hardware, different SD card, no Sympl

pi@pi4fan:~ $ mtr: udp socket connect failed: Network is unreachable
-bash: mtr:: command not found
pi@pi4fan:~ $ ping acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=1 ttl=50 time=54.1 ms

Hmmm. Tried again.
New SD in Pi4. New Buster install
ping acme-v02.api.letsencrypt.org - works
Install Sympl
ping acme-v02.api.letsencrypt.org - works
sympl create web hostname.uk
sudo sympl-ssl --verbose “Applying IPv6 only workaround…”
ping acme-v02.api.letsencrypt.org
connect: Network is unreachable

acme-v02.api.letsencrypt.org appears to be a cloudflare address.

Maybe you’re blocked by cloudflare for some reason?

It worked fine until I used sympl to create a web site. Then it didn’t work at all, one minute later.
No, the problem seems to be within sympl or something it is doing.

Edit /etc/hosts and remove any lines mentioning Let’s Encrypt, then run sudo sympl-ssl.rb (not the regular sympl-ssl), and see what happens.
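
A way to check for the leftover entries described above before editing the file, as an added example that is not part of the thread and not Sympl's own code. It lists active hosts-file entries for the ACME endpoint and flags IPv6 ones on a host with no global IPv6; that the leftover entry is an IPv6 address is an assumption the thread does not confirm, and the function names and sample file are constructed.

```shell
# Constructed sample of an /etc/hosts left behind by an interrupted run;
# 2001:db8::1 is a documentation address, not the real endpoint.
sample_hosts() {
cat <<'EOF'
127.0.0.1   localhost raspberrypi
::1         localhost ip6-localhost
# 172.65.32.248 acme-v02.api.letsencrypt.org
2001:db8::1 acme-v02.api.letsencrypt.org  # leftover pin
EOF
}

# find_pins FILE NAME: print "LINENO ADDRESS FAMILY" per active entry for NAME.
find_pins() {
    awk -v name="$2" '
        { sub(/#.*/, "") }            # strip comments
        NF < 2 { next }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) {
                  print NR, $1, ($1 ~ /:/ ? "inet6" : "inet"); break
              } }' "$1"
}

# has_global_v6: true only with a global IPv6 address (fe80:: is link-local).
has_global_v6() {
    ip -6 addr show scope global 2>/dev/null | grep -q inet6
}

# audit_pins FILE NAME [yes|no]: report each pin; return 1 if a pin is IPv6
# and the host has no global IPv6. The third argument overrides detection.
audit_pins() {
    v6=${3:-$(has_global_v6 && echo yes || echo no)}; rc=0
    pins=$(find_pins "$1" "$2")
    [ -n "$pins" ] || { echo "$2: not pinned, DNS decides"; return 0; }
    while read -r line addr fam; do
        if [ "$fam" = inet6 ] && [ "$v6" = no ]; then
            echo "$1:$line: $2 -> $addr unreachable, no global IPv6"; rc=1
        else
            echo "$1:$line: $2 -> $addr ($fam) overrides DNS"
        fi
    done <<EOF
$pins
EOF
    return $rc
}

# Run against the live file by default.
audit_pins "${1:-/etc/hosts}" "${2:-acme-v02.api.letsencrypt.org}" || true
```

Any line it reports takes precedence over DNS for that name, which is why ping by name can fail while ping by address still works.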

That seems to have made it pingable again. Is that the fix, or are there more steps?