Hello, when I try to start caddy it tries to get json from https://acme-v02.api.letsencrypt.org/directory but it fails because it tries to use ipv6 to connect to that site. I use Arch Linux
Jan 01 14:04:24 ivan systemd: Started Caddy HTTP/2 web server. Jan 01 14:04:24 ivan caddy: Activating privacy features... 2019/01/01 14:04:24 making ACME client to get ToS URL: get directory at 'https://acme-v02.api.letsencrypt.org/directory': failed to get json "https://acme-v02.api.letsencrypt.org/directory": Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on [::1]:53:read udp [::1]:38193->[::1]:53: read: connection refused Jan 01 14:04:24 ivan systemd: caddy.service: Main process exited, code=exited, status=1/FAILURE Jan 01 14:04:24 ivan systemd: caddy.service: Failed with result 'exit-code'.
On server there is ipv6 interface but without internet access so I tried to disable it but same result with small change in error log connect: cannot assign requested address instead of read: connection refused.
I tried do ipv6 tunneling and it works because I can ping acme-v02.api.letsencrypt.org via ipv6
I start caddy by systemd service
Description=Caddy HTTP/2 web server
; User and group the process will run as.
; Letsencrypt-issued certificates will be written to this directory.
; Always set “-root” to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -quic -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
; Use graceful shutdown with a reasonable timeout
; Limit the number of file descriptors; see
man systemd.exec for more limit settings.
; Unmodified caddy is not expected to use more than that.
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
; Use a minimal /dev (May bring additional security if switched to ‘true’, but it may not work on Raspberry Pi’s or other devices, so it has been disabled in this dist.)
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
; Make /usr, /boot, /etc and possibly some more folders read-only.
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.