AWS Lightsail having issue while getting SSL certificate through Let's Encrypt

I am running a WordPress site on AWS Lightsail. I am trying to get an SSL certificate from Let's Encrypt using bncert-tool. I am getting the following error. '54.253.145.89' is a static IP that I have attached to my Lightsail instance.

Warning: The domain 'telequip.net' resolves to a different IP address than the one detected for this machine, which is '54.253.145.89'. Please fix its DNS entries or remove it. For more info see: https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/

I have tried the validation method to fix it: /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0. But this time I am getting "error: 400 ; Timeout during connect". I have checked all the security settings but I am unable to resolve it.

[telequip.net] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem) 102 [www.telequip.net] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem)

Moreover, I have also tried disabling IPv6, but I am still getting the same error.



Solution 1:[1]

Your first error usually happens if you have IPv6 enabled on your Lightsail instance. The Bncert tool doesn't properly support IPv6 when issuing certificates.

You can disable IPv6 by following these steps:

  1. From your Lightsail dashboard, click on the instance you're having issues with
  2. Choose "Networking"
  3. Scroll down to IPv6 and switch the toggle to off (x)

You will receive a pop up warning that disabling IPv6 will release the address back into the pool. You must accept and agree with this happening if you want to use the Bncert tool on your Lightsail instance.

AFAIK the only way to support SSL on IPv6 would be to purchase a certificate elsewhere and install it manually.
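To see which DNS records lie behind the warning quoted in the question, the following added example (not part of the original question or answer, and not Bitnami's code) lists every address a domain resolves to and compares it with the instance's static IP. The function names, status labels and script name are assumptions made for illustration.

```python
import ipaddress
import socket
import sys


def resolve(domain):
    """Return every A/AAAA address the local resolver reports for domain."""
    try:
        infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return {info[4][0].split("%")[0] for info in infos}


def diagnose(domain, resolved, machine_ip):
    """Compare each resolved address with the instance's public IP."""
    expected = ipaddress.ip_address(machine_ip)
    if not resolved:
        return [(domain, None, "no-records")]
    findings = []
    for text in sorted(resolved):
        addr = ipaddress.ip_address(text)
        if addr == expected:
            status = "match"
        elif addr.version == 6:
            status = "ipv6-record"  # AAAA record: the case the answer describes
        else:
            status = "wrong-ipv4"   # stale or mistyped A record
        findings.append((domain, text, status))
    return findings


def ready(findings):
    """True only when every resolved address is the instance's own IP."""
    return all(status == "match" for _, _, status in findings)


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 check_dns.py <machine-ip> <domain> [<domain> ...]
    machine_ip, domains = sys.argv[1], sys.argv[2:]
    ok = True
    for d in domains:
        result = diagnose(d, resolve(d), machine_ip)
        for _, addr, status in result:
            print(f"{d:25} {addr or '-':40} {status}")
        ok = ok and ready(result)
    sys.exit(0 if ok else 1)
```

Run it from the instance with the static IP and both domain names; any line not marked `match` points at a DNS record to correct before re-running the Bncert tool.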

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 E.Owen