[GH-ISSUE #63] Mention in README that IPv6-only is OK? #23

New issue

Open

opened 2026-03-13 15:24:10 +03:00 by kerem · 1 comment

kerem commented

2026-03-13 15:24:10 +03:00

Owner

Originally created by @Daniel15 on GitHub (Mar 18, 2018).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/63

I was considering adding this to add this to the README, but I'm not quite sure where it would fit.

Let's Encrypt fully supports IPv6-only servers, both for http-01 challenges as well as dns-01 challenges. Commonly, IPv4 addresses are very limited in number while IPv6 addresses are abundant. As an example, I've got a VPS that just has a single IPv4 address and an entire /64 IPv6 range (2^64 addresses)!

This can lead to cases where someone might only have IPv6 addresses available for use. A common example is where a server only has one IPv4 address that's already being used by some other DNS service. In cases like this, binding acme-dns just to an IPv6 address is totally fine.

My configuration looks like:

[general]
# dns interface
listen = "[2605:6400:20:92e::eff]:53"
# protocol, "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "udp6"
...

[api]
...
# listen ip, default "" listens on all interfaces/addresses
ip = "[2605:6400:20:92e::eff]"

Note that ip under api needs to be in square brackets when listening to an IPv6 address.

Originally created by @Daniel15 on GitHub (Mar 18, 2018). Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/63 I was considering adding this to add this to the README, but I'm not quite sure where it would fit. Let's Encrypt fully supports IPv6-only servers, both for http-01 challenges as well as dns-01 challenges. Commonly, IPv4 addresses are very limited in number while IPv6 addresses are abundant. As an example, I've got a VPS that just has a single IPv4 address and an entire /64 IPv6 range (2^64 addresses)! This can lead to cases where someone might only have IPv6 addresses available for use. A common example is where a server only has one IPv4 address that's already being used by some other DNS service. In cases like this, binding acme-dns just to an IPv6 address is totally fine. My configuration looks like: ``` [general] # dns interface listen = "[2605:6400:20:92e::eff]:53" # protocol, "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6" protocol = "udp6" ... [api] ... # listen ip, default "" listens on all interfaces/addresses ip = "[2605:6400:20:92e::eff]" ``` Note that `ip` under `api` needs to be in square brackets when listening to an IPv6 address.

kerem added the

Documentation

label

2026-03-13 15:24:10 +03:00

kerem commented

2026-03-13 15:24:21 +03:00

Author

Owner

@joohoi commented on GitHub (Mar 20, 2018):

I think that the best place to mention this would be the configuration comments, especially noting that the API.ip needs to have the square bracketed variant. The Go net library is a complete mess regarding IPv6 notations.

So my suggestion is adding these to the configuration section of README.md and the config.cfg itself as comments.

@joohoi commented on GitHub (Mar 20, 2018): I think that the best place to mention this would be the configuration comments, especially noting that the `API.ip` needs to have the square bracketed variant. The Go net library is a complete mess regarding IPv6 notations. So my suggestion is adding these to the configuration section of `README.md` and the `config.cfg` itself as comments.

kerem referenced this issue

2026-03-13 16:13:35 +03:00

[PR #24] [MERGED] Fail on malformed JSON payloads in register endpoint #248