No automatic renewal of Let's Encrypt certificate

Well, well, well…

Looks like we have made some pretty good (although painful :face_with_raised_eyebrow:) progress on this topic.

tl;dr: ddclient is lacking the flexibility needed to support NextBox’s use-cases, therefore we decided to drop ddclient for the “guided dynamic dns” IP updates. A new release is already in the testing pipeline and is to be expected within the next few days, which gives the impression that this issue and the “multiple IPv6 addresses” issue will be resolved. *holding thumbs*

some more details:

  • ddclient simply cannot update the same domain with two different IPs, e.g., both IPv6 and IPv4.
  • Currently desec.io (our guided dynamic dns provider) “guesses” the IPv6 address based on the request that ddclient sends to update the IPv4 address; this “guess” is sometimes wrong (it is nothing special to have multiple IPv6 addresses for a single device).
  • Let’s Encrypt is quite picky when it comes to resolving IPs to domains (well, obviously :smiley: ), so a wrongly “guessed” IPv6 address does not lead to your NextBox, thus Let’s Encrypt won’t grant you a certificate.
  • Workaround: you can log in to desec.io and simply delete your IPv6 address (or correct it); then the certificate renewal will work without issues.
  • Although we decided on ddclient to avoid re-inventing the wheel, here we hit the limit of what is possible with ddclient (sure, various hacks/workarounds would somehow solve it, but nothing sustainable).
  • So from now on the guided dynamic dns updates are done by the nextbox-daemon.

Long story short, this issue should be resolved with the next release, in the next days…

best

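The failure mode described in the post (a published AAAA record that was guessed from the IPv4 update and points away from the device, so the CA's validation never reaches it) can be caught before a renewal is attempted. The following is an added example, not code from the NextBox project or the post's author: it compares the host's own addresses against the A/AAAA records that are actually published and reports any record that does not belong to this machine. The sample addresses and records are constructed; in real use `resolve()` does the live lookup and the local address set comes from the host (e.g. `ip addr`).

```python
import ipaddress
import socket

# Constructed sample data (documentation prefixes, not real hosts):
# the addresses this device actually holds, and what the dynamic-DNS
# provider published after "guessing" the IPv6 address from an IPv4 update.
LOCAL_ADDRESSES = {"203.0.113.10", "2001:db8:1::10", "2001:db8:1::abcd"}
PUBLISHED_RECORDS = {"A": {"203.0.113.10"}, "AAAA": {"2001:db8:9::99"}}


def split_by_family(addrs):
    """Normalise textual addresses and split them into (IPv4 set, IPv6 set).

    Normalising (e.g. 2001:0db8:0001::0010 -> 2001:db8:1::10) avoids false
    mismatches caused purely by different spellings of the same address."""
    v4, v6 = set(), set()
    for a in addrs:
        ip = ipaddress.ip_address(a)
        (v4 if ip.version == 4 else v6).add(str(ip))
    return v4, v6


def stale_records(local_addrs, published):
    """Return published A/AAAA records that are NOT addresses of this host.

    Every entry returned is a record the CA may follow to the wrong machine,
    so a challenge validated over it will fail and the renewal is refused."""
    local_v4, local_v6 = split_by_family(local_addrs)
    pub_v4, _ = split_by_family(published.get("A", set()))
    _, pub_v6 = split_by_family(published.get("AAAA", set()))
    return {"A": pub_v4 - local_v4, "AAAA": pub_v6 - local_v6}


def renewal_safe(local_addrs, published):
    """True only if every published record points at this host."""
    stale = stale_records(local_addrs, published)
    return not stale["A"] and not stale["AAAA"]


def resolve(hostname):
    """Live lookup of the A and AAAA records currently served for hostname."""
    records = {"A": set(), "AAAA": set()}
    for family, key in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            for info in socket.getaddrinfo(hostname, None, family):
                records[key].add(info[4][0])
        except socket.gaierror:
            pass  # no record of that family is published
    return records


if __name__ == "__main__":
    print("stale records:", stale_records(LOCAL_ADDRESSES, PUBLISHED_RECORDS))
    print("renewal safe :", renewal_safe(LOCAL_ADDRESSES, PUBLISHED_RECORDS))
```

On the sample data the AAAA record 2001:db8:9::99 is reported as stale, which is exactly the case the workaround in the post (deleting or correcting the IPv6 entry at the provider) fixes.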