Solved: Error provisioning TLS certificate since upgrade to 0.23a

Hi,

I upgraded my MIAB last Monday from 0.21 to 0.23a. This went flawlessly and AFAICS everything works fine. One thing is different though: since this upgrade I get a nightly mail informing me that there is an error in provisioning the TLS certificate:

box.xxx.eu, xxx.eu, www.xxx.eu:
Something unexpected went wrong: The HTTP Validation challenge for xxx.eu failed: Could not connect to xxx.eu.

Solution:

It turns out that this problem had nothing to do with the upgrade from MIAB 0.21 -> 0.23a. Unfortunately the upgrade coincided with the fact that my LetsEncrypt certificates were in their last 14 days of validity.

The problem was caused by the fact that LetsEncrypt connects to target systems using IPv6 as the preferred way. Only when the connection over IPv6 times out is IPv4 tried. Due to a bug in LetsEncrypt this timeout does not work ATM. My box has an IPv6 address and an AAAA record, but due to a configuration problem with my firewall it was not actually reachable over IPv6. Hence the error.

After correcting the firewall problem the provisioning went fine again.

Hope this saves someone the hours I spent figuring this out :)
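
The failure described in the post (an AAAA record is published but port 80 is not reachable over IPv6) can be checked per address family before the renewal job runs. The following is an added example, not part of the original post or of Mail-in-a-Box; the function names and the hostname `box.example.com` are assumptions for illustration.

```python
import socket
import sys

# IPv6 is probed first because, per the post, the validator prefers it.
FAMILIES = {socket.AF_INET6: "IPv6", socket.AF_INET: "IPv4"}

def _tcp_connect(family, addr, port, timeout):
    """Attempt one TCP connection over exactly the given address family."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True, "connected"
    except OSError as exc:
        return False, str(exc) or type(exc).__name__

def probe(host, port=80, timeout=5.0, resolve=socket.getaddrinfo, connect=None):
    """Return {"IPv6": [(addr, ok, detail), ...], "IPv4": [...]} for each published address."""
    connect = connect or _tcp_connect
    results = {label: [] for label in FAMILIES.values()}
    for family, label in FAMILIES.items():
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no AAAA (or A) record published: nothing to probe
        for addr in sorted({info[4][0] for info in infos}):
            ok, detail = connect(family, addr, port, timeout)
            results[label].append((addr, ok, detail))
    return results

def broken_families(results):
    """Families that have a DNS record but at least one address refused the connection."""
    return [label for label, rows in results.items()
            if rows and not all(ok for _, ok, _ in rows)]

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "box.example.com"  # placeholder hostname
    res = probe(host)
    for label, rows in res.items():
        for addr, ok, detail in rows:
            print(f"{label} {addr}:80 {'OK' if ok else 'FAILED'} ({detail})")
    bad = broken_families(res)
    if bad:
        print("published in DNS but not reachable:", ", ".join(bad))
        sys.exit(1)
```

Run it from a host outside the firewall that itself has working IPv6; from inside the network, or from an IPv4-only machine, the result says nothing about what the validation server sees.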