diff --git a/acmetxt.go b/acmetxt.go
index 7b20c02abb1372f4c86cd5a5705aeb21a8809cec..95719d1eec43546d2b5c6b8e72e68dbdc8adb500 100644
--- a/acmetxt.go
+++ b/acmetxt.go
@@ -33,9 +33,9 @@ func (c *cidrslice) JSON() string {
 func (c *cidrslice) ValidEntries() []string {
 	valid := []string{}
 	for _, v := range *c {
-		_, _, err := net.ParseCIDR(v)
+		_, _, err := net.ParseCIDR(sanitizeIPv6addr(v))
 		if err == nil {
-			valid = append(valid, v)
+			valid = append(valid, sanitizeIPv6addr(v))
 		}
 	}
 	return valid
diff --git a/auth.go b/auth.go
index 99c30350b7315241b43bc4e0b1a198ce5c31bce5..162f9270f9828044e01238be366486bbe0bd5a10 100644
--- a/auth.go
+++ b/auth.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net"
 	"net/http"
 
 	"github.com/julienschmidt/httprouter"
@@ -83,5 +84,10 @@ func updateAllowedFromIP(r *http.Request, user ACMETxt) bool {
 		ips := getIPListFromHeader(r.Header.Get(Config.API.HeaderName))
 		return user.allowedFromList(ips)
 	}
-	return user.allowedFrom(r.RemoteAddr)
+	host, _, err := net.SplitHostPort(r.RemoteAddr)
+	if err != nil {
+		log.WithFields(log.Fields{"error": err.Error(), "remoteaddr": r.RemoteAddr}).Error("Error while parsing remote address")
+		host = ""
+	}
+	return user.allowedFrom(host)
 }
diff --git a/auth_test.go b/auth_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..911b4f7456d0414d46e9bbbd603bd4c343154dfc
--- /dev/null
+++ b/auth_test.go
@@ -0,0 +1,33 @@
+package main
+
+import (
+	"net/http"
+	"testing"
+)
+
+func TestUpdateAllowedFromIP(t *testing.T) {
+	userWithAllow := newACMETxt()
+	userWithAllow.AllowFrom = cidrslice{"192.168.1.2/32", "[::1]/128"}
+	userWithoutAllow := newACMETxt()
+
+	for i, test := range []struct {
+		remoteaddr string
+		expected   bool
+	}{
+		{"192.168.1.2:1234", true},
+		{"192.168.1.1:1234", false},
+		{"invalid", false},
+		{"[::1]:4567", true},
+	} {
+		newreq, _ := http.NewRequest("GET", "/whatever", nil)
+		newreq.RemoteAddr = test.remoteaddr
+		ret := updateAllowedFromIP(newreq, userWithAllow)
+		if test.expected != ret {
+			t.Errorf("Test %d: Unexpected result for user with allowForm set", i)
+		}
+
+		if !updateAllowedFromIP(newreq, userWithoutAllow) {
+			t.Errorf("Test %d: Unexpected result for user without allowForm set", i)
+		}
+	}
+}
diff --git a/util.go b/util.go
index 46cf64de913af563d7d900a318cdd07c27569699..dcd1d15e12e7fc878cf90bb01e93398b9eaa99b1 100644
--- a/util.go
+++ b/util.go
@@ -38,6 +38,12 @@ func sanitizeString(s string) string {
 	return re.ReplaceAllString(s, "")
 }
 
+func sanitizeIPv6addr(s string) string {
+	// Remove brackets from IPv6 addresses, net.ParseCIDR needs this
+	re, _ := regexp.Compile("[\\[\\]]+")
+	return re.ReplaceAllString(s, "")
+}
+
 func generatePassword(length int) string {
 	ret := make([]byte, length)
 	const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-_"