Certificate obtaining does not seem to work for tcp

[scriptdealer]

Hello, how am I supposed to obtain certificates over tcp ? If I bind to just ":443", it binds to tcp6, and that is unacceptable.
If I bind to tcp4 with "xxx.xx.xx.xxx:443", layer4 app still creates binding to tcp6 :::80, and certificate obtaining fails.

"issuer":"acme.zerossl.com-v2-DV90","error":"[mydomain] solving challenges: [mydomain] authorization took too long

$ sudo netstat -ntlp
tcp 0 0 172.16.42.228:2022 0.0.0.0:* LISTEN 12808/caddy
tcp 0 0 172.16.42.228:443 0.0.0.0:* LISTEN 12808/caddy
tcp6 0 0 :::80 :::* LISTEN 12808/caddy
tcp6 0 0 :::22 :::* LISTEN 914/sshd: /usr/sbin

Also, how much is this true ? hashicorp/nomad#10189

[emilylange]

Hi :)

Would be cool if you could post your config.

Also, you should be able to bind to ipv4-only, without specifying your interface IP manually, by using tcp4/0.0.0.0:443 instead. See #47 (comment) for a bit more details on that.

Without knowing your config, I think you should be able to change the tls challenge bind via bind_host here:
https://caddyserver.com/docs/json/apps/tls/automation/policies/issuers/acme/challenges/
https://caddyserver.com/docs/json/apps/tls/automation/policies/issuers/acme/challenges/bind_host/

[scriptdealer]

Yep, now it binds to tcp4 with bind_host