ACME Challenges failed, connection refused

My domain is: incog.rioctos.com

I ran this command: ./init-letsencrypt.sh

(This is from GitHub - wmnnd/nginx-certbot: Boilerplate configuration for nginx and certbot with docker-compose)

It produced this output:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: incog.rioctos.com
  Type:   connection
  Detail: 77.68.75.108: Fetching http://incog.rioctos.com/.well-known/acme-challenge/uGkQuZAJnEuiHnHPOPnuuupFdgqdMP-cfsaRl9_hKZI: Connection refused

  Domain: www.incog.rioctos.com
  Type:   connection
  Detail: 77.68.75.108: Fetching http://www.incog.rioctos.com/.well-known/acme-challenge/BUDs3tH4ySNWD_N9zhYqTPiYWwbiKwiBWaUsElbKPuQ: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: 1 

My web server is (include version): Nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 2.20

My hosting provider, if applicable, is: Ionos VPS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.5.0

Hi @savage_hz, and welcome to the LE community forum 🙂

HTTP [TCP port 80] is not open.

curl -Ii incog.rioctos.com
curl: (56) Recv failure: Connection reset by peer
3 Likes

Hi,

image
And I also have set firewall rules for all ports open.

How do I enable HTTP TCP port 80?

Thanks

1 Like

Ping uses ICMP by default, not TCP.

You should talk with your hosting service about that. Is 77.68.75.108 still your public IP address? Because that is what the public DNS has for your domain.

Also, in the past 8 days you've received 4 certs already. Why do you need another one? And, what changed to prevent access to port 80 now when it was working before?

Note also there is a Rate Limit of 5 certs / week with the identical names. You should use the Staging System while you are testing to avoid being rate limited.

https://tools.letsdebug.net/cert-search?m=domain&q=incog.rioctos.com&d=744

4 Likes
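The distinction drawn in this thread (ping uses ICMP, while the HTTP-01 check needs TCP port 80 to answer), as an added example that is not part of any post above: a Python probe that reports what a TCP client sees on port 80. The function name, the result labels and the `probe` path suffix are assumptions made for illustration.

```python
import socket
import sys


def probe_http_port(host, port=80, timeout=5.0,
                    path="/.well-known/acme-challenge/probe"):
    """Report what a TCP client sees on host:port, as (state, detail).

    A successful ICMP ping says nothing about this; the HTTP-01 check
    needs a TCP connection to port 80 and an HTTP answer.
    The path suffix "probe" is a constructed placeholder, not a real token.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "RST on connect: no listener, or a firewall rejects")
    except socket.timeout:
        return ("timeout", "no answer to SYN: packets are probably dropped")
    except OSError as exc:  # DNS failure, no route, ...
        return ("error", str(exc))
    request = (f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with sock:
        try:
            sock.sendall(request)
            data = sock.recv(4096)
        except ConnectionResetError:
            return ("reset", "connected, then reset before any HTTP reply")
        except socket.timeout:
            return ("timeout", "connected, but no HTTP reply arrived")
        except OSError as exc:
            return ("error", str(exc))
    if not data:
        return ("closed", "connected, then closed without a reply")
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    if status_line.startswith("HTTP/"):
        return ("http", status_line)  # any status proves port 80 is reachable
    return ("not-http", status_line)


if __name__ == "__main__":
    # Usage: python probe.py <hostname>
    if len(sys.argv) > 1:
        print(probe_http_port(sys.argv[1]))
```

Run it from a machine outside the server's network, since a probe from the server itself does not pass through the provider's firewall.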
