Connection timeout checking for updates when using IPv6 only

Started by bamypamy, April 29, 2025, 05:21:58 PM

Hi, I have an OPNsense Business FW currently running 24.10.2_8.

It uses IPv6 for Internet access, which might be the problem.

I get this message when I check for updates.
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.10.2_8 (amd64) at Tue Apr 29 17:07:09 CEST 2025
Strict TLS 1.3 and CRL checking is enabled.
Fetching subscription information, please wait... No CRL was provided for /CN=opnsense-update.deciso.com
No CRL was provided for /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL TLS ECC CA G1
No CRL was provided for /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3
done
Fetching changelog information, please wait... [!!] CRL fetch failed for http://cdp.rapidssl.com/RapidSSLTLSECCCAG1.crl (HTTPConnectionPool(host='cdp.rapidssl.com', port=80): Max retries exceeded with url: /RapidSSLTLSECCCAG1.crl (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x2cfbcd3a9dd0>, 'Connection to cdp.rapidssl.com timed out. (connect timeout=None)')))

I have seen that cdp.rapidssl.com does not have an IPv6 address.

I assume this is the reason why it fails to fetch the required CRL.

Is my assumption correct?

It's not a big deal, as it still works and I can download the updates thanks to Deciso providing an IPv6 address on their update server.
It just takes a little longer to retrieve the updates. It looks like the CRL download just gets skipped at some point.

Would still be nice to find out if this is the issue and if it can somehow be fixed.

Thanks.
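
One way to test the assumption in the post above, as an added example that is not part of the original post or of OPNsense: it pulls the failed CRL URLs out of the update log and reports which address families each host resolves to. The function names, status labels and the sample log line are constructed for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

# Constructed sample: one line in the shape of the update log quoted in the post.
SAMPLE_LOG = (
    "Fetching changelog information, please wait... [!!] CRL fetch failed for "
    "http://cdp.rapidssl.com/RapidSSLTLSECCCAG1.crl (HTTPConnectionPool(...))\n"
)

CRL_FAIL = re.compile(r"CRL fetch failed for (\S+)")


def failed_crl_hosts(log_text):
    """Return the distinct host names of CRL URLs the log reports as failed."""
    hosts = []
    for url in CRL_FAIL.findall(log_text):
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def address_families(host, resolver=socket.getaddrinfo):
    """Resolve host and return the families found, a subset of {'ipv4', 'ipv6'}."""
    names = {socket.AF_INET: "ipv4", socket.AF_INET6: "ipv6"}
    try:
        infos = resolver(host, 80, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # name did not resolve at all
    return {names[info[0]] for info in infos if info[0] in names}


def crl_host_report(log_text, resolver=socket.getaddrinfo):
    """Map each failed CRL host to 'has-aaaa', 'ipv4-only' or 'unresolvable'."""
    report = {}
    for host in failed_crl_hosts(log_text):
        families = address_families(host, resolver)
        if "ipv6" in families:
            report[host] = "has-aaaa"
        elif "ipv4" in families:
            report[host] = "ipv4-only"  # not reachable from an IPv6-only uplink
        else:
            report[host] = "unresolvable"
    return report


if __name__ == "__main__":
    # Performs live DNS lookups for the hosts found in the log text.
    for host, status in crl_host_report(SAMPLE_LOG).items():
        print(f"{host}: {status}")
```

On a network that uses DNS64, the resolver may return synthesized AAAA records, so run the check against a resolver that does not synthesize them.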