Why Encryption is important? Read https://spreadprivacy.com/what-does-https-do. It explains why sniffing on the line can only be mitigated by using encryption wherever possible.
As of the IPv6 bug, I can currently not use Let’s Encrypt to automatically refresh my certificates on my servers. My network is behind a IPv6 only stack, IPv4 cannot be connected/routed from the outside without a tunnel provider.
https://github.com/certbot/certbot/issues/1466#issuecomment-299934637, https://github.com/certbot/certbot/issues/1466#issuecomment-288149887, replaced by https://github.com/certbot/certbot/pull/4773
My actual workaround is to use the AAA records of my domain to store a key value generated by Let’s Encrypt to verify my domains. With this manual workaround I can at least generate a new and/or update a certificate. This workaround should not be required anymore since certbot 0.15.
Certbot
Installation:
sudo pacman -Sy certbot
sudo nano /etc/letsencrypt/cli.ini # This is an example of the kind of things you can do in a configuration file. # All flags used by the client can be configured here. Run Certbot with # "--help" to learn more about the available options. # Use a 4096 bit RSA key instead of 2048 rsa-key-size = 4096 # Uncomment and update to register with the specified e-mail address # you will get automatic e-mail notifications if the certificate expires 20 and 10 days upfront email = admin@DOMAINNAME.com # Uncomment and update to generate certificates for the specified # domains. # domains = example.com, www.example.com domains = DOMAINNAME.com,www.DOMAINNAME.com,ipv4.DOMAINNAME.com,ipv6.DOMAINNAME.com # Uncomment to use a text interface instead of ncurses # text = True # Uncomment to use the standalone authenticator on port 443 # authenticator = standalone #standalone-supported-challenges = tls-sni-01 preferred-challenges = tls-sni-01 # Uncomment to use the webroot authenticator. Replace webroot-path with the # path to the public_html / webroot folder being served by your web server. # authenticator = webroot # webroot-path = /usr/share/nginx/html # Terms of Use. Accept LE terms of use: Default: False # agree-tos = True