2 errors after running certbot --apache

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cuttinej.com

I ran this command: certbot --apache

It produced this output:

My web server is (include version): Server version: Apache/2.4.38 (Raspbian)
Server built: 2019-10-15T19:53:42

The operating system my web server runs on is (include version): Raspbian 10 (Buster) latest version

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): No, but I can sudo or sudo -i.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I get the errors listed above in the shell after running sudo certbot --apache.
I can get my website in the browser by typing cuttinej.com. It returns www.cuttinej.com in unsecured (http).

If I type in https://cuttinej.com I get the following error page in the browser:
Secure Connection Failed

An error occurred during a connection to www.cuttinej.com. SSL received a record that exceeded the maximum permissible length.


Really not sure what’s going on. Any help will be appreciated.


That happens when the web server isn’t running, or is running but is not listening on port 80.

That confusing error message happens when port 443 is configured to do HTTP instead of HTTPS.

At the moment, I get “connection refused” for port 443 too, though.

Is your web server running? Are your port forwarding settings correct? Is Apache configured correctly for both port 80 and port 443? What does “sudo apachectl -t -D DUMP_VHOSTS” output?

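Why a plain-HTTP listener on port 443 produces the "record that exceeded the maximum permissible length" error, as an added example that is not part of the original thread: the client reads the first five bytes of the HTTP reply as a TLS record header. The function names, return labels and sample byte strings are constructed for illustration.

```python
import socket
import ssl
import struct

# Upper bound on a TLS record body: 2**14 bytes of plaintext plus the
# 2048 bytes of expansion TLS 1.2 allows for ciphertext (RFC 5246, 6.2.3).
MAX_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def parse_record_header(data: bytes) -> dict:
    """Read the first 5 bytes the way a TLS client does: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}

def classify(first_bytes: bytes) -> str:
    """Label the first bytes a server sent back on a port expected to speak TLS."""
    if first_bytes.startswith(b"HTTP/"):
        return "plain-http"  # the vhost on this port is not doing TLS
    hdr = parse_record_header(first_bytes)
    ok = hdr["type"] in TLS_CONTENT_TYPES and hdr["version"][0] == 3
    return "tls" if ok and hdr["length"] <= MAX_RECORD_LEN else "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Live check (needs network): tells apart refused, unreachable, non-TLS and TLS."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except ConnectionRefusedError:
        return "refused"  # nothing listening, or a device in front rejects the connection
    except ssl.SSLCertVerificationError:
        return "tls-untrusted-cert"  # TLS works, the certificate does not validate
    except ssl.SSLError:
        return "answers-but-not-tls"  # e.g. plain HTTP served on the TLS port
    except OSError:
        return "unreachable"  # timeout, DNS failure, no route

# Constructed sample: start of an HTTP error reply sent by a plain-HTTP vhost.
SAMPLE_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n"
# Constructed sample: header of an 81-byte TLS handshake record.
SAMPLE_TLS_REPLY = bytes([22, 3, 3, 0, 81])

if __name__ == "__main__":
    print(parse_record_header(SAMPLE_HTTP_REPLY))  # length field is b"P/" = 20527
    print(classify(SAMPLE_HTTP_REPLY), classify(SAMPLE_TLS_REPLY))
```

Running `probe` from both inside and outside the local network separates a server-side misconfiguration from filtering somewhere in between.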

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:80 cuttinej.com (/etc/apache2/sites-enabled/000-default.conf:1)

Server is running.


This kinda has me stumped.
On my main PC I can access the index.html
On my phone I can access it with a connection to my home wifi, but not with my carrier’s LTE.
My son (150 miles away) can access it with his iPhone. (Definitely outside the local network.)
But certbot --apache gets “connection refused” error.

I don’t get it. What am I missing here?


I discovered that my ISP (Xfinity/Comcast) has deployed an Advanced Security feature (IDS) that basically blocked pretty much everything from the outside. This, despite all indications that the ports were open, port forwarding was properly configured and even a phone call to Xfinity Support that couldn’t find anything wrong. Once I disabled Advanced Security I stopped getting the connection refused errors and certbot --apache ran just fine to completion and successfully issued and installed my certificates. I really need a sarcasm font when I say THANKS XFINITY/COMCAST!

I hope this helps anyone else who might be experiencing these inexplicable connection refused issues and I’m very grateful to all who tried to help me.

NOTE: Although I remember getting an email from my ISP about this new feature, there’s NOTHING about it that’s right up front for you to be aware of the change. Nothing on the router or their website to provide control or access and not even any indication that it exists except an occasional blurb where they pat themselves on the back for providing enhanced security (valued at $79 per month) at no additional cost! I really had to pay close attention to eventually discover a new app on Google Play Store called xFi that allowed me to disable Advanced Security from my phone.
