Attempting to get certificates: duckdns Connection refused

Hi,
I have been pulling my hair out for days now with this one.
I have recently stood up a new Raspberry Pi config for Homeassistant running in docker.
Previously this was HAOSS and with add-ons for Duck DNS / Let's Encrypt and NGINX things were working OK (well, those bits anyway).
Now I am having great difficulty setting these up in my new world. I have been following others' suggestions, e.g.

Create a certificate using Certbot through Docker | An honest place where you can learn things about programming.
How to Set Up letsencrypt with Nginx on Docker

I think I have it down to a consistent error 'Connection refused' and that seems to be coming from Certbot trying to get keys.
Having said that, 'connection refused getting new certificates' is a recurrent theme across the web but there appears to be an infinite number of possible causes :frowning:
(a sanitized full log is attached)
It should not be too bad because it was working a week or two ago - so DuckDns should be valid, ports open etc.
Rather than me overthinking it I would appreciate if somebody who knew something about this stuff could look at the attached log and pinpoint where line 229 (and better yet 'why') it has fallen off the rails.

Being aware of the 'chicken/egg' issue, the relevant settings for docker-compose.yaml are

  nginx:
    container_name: nginx
    image: nginx:latest
    ports:
      - 80:80
#      - 443:443
    restart: always
    volumes:
      - /home/jc/docker/nginx/:/etc/nginx/conf.d/:ro
      - /home/jc/docker/certbot/www:/var/www/certbot:ro
      - /home/jc/docker/certbot/conf:/etc/letsencrypt:rw

  certbot:
    container_name: certbot
    image: certbot/certbot:latest
    volumes:
      - /home/jc/docker/certbot/www:/var/www/certbot:rw
      - /home/jc/docker/certbot/conf:/etc/letsencrypt:rw
      - /home/jc/docker/certbot/lib:/var/lib/letsencrypt:rw
      - /home/jc/docker/certbot/log:/var/log/letsencrypt:rw

and the nginx app.conf...

server {
    listen 80;
    listen [::]:80 ipv6only=off;
    server_name campbellshouse.duckdns.org;
#   server_tokens off;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://campbellshouse.duckdns.org$request_uri;
    }    
}

certbot_log_evidence_sanitised.txt (16.5 KB)

Thanks for any help you can offer
JC

Yes, there is a consistent connection problem. The Let's Encrypt servers are sending an HTTP request (port 80) to your domain name but the connection is refused.

It is not just the LE Servers that fail to connect. I cannot reach your domain's home page from my own test server in the USA. And, we often use the Let's Debug test site for these problems and it cannot reach you either. It tries from its own test server and also by using the Let's Encrypt staging system. Both fail.

You should try connecting to your domain from outside your own network, even with a mobile phone with Wi-Fi disabled so it uses the carrier network. If you can connect with that then you should review any firewall for geographic-based blocking.

If you can't connect then make sure your ISP supports incoming requests on port 80. And, review all your comms config setup. Make sure your host is routing these requests to your nginx container. And, all related items. Rerun the Let's Debug test after making changes until it reports OK.

5 Likes
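
The outside-in check described in the reply above, as an added example that is not part of the original thread: it requests a file under /.well-known/acme-challenge/ over plain HTTP, as HTTP-01 validation does, and reports whether the failure is a refused connection, a timeout, or a missing file. The function name, the token values and the local stand-in server are constructed for the demo.

```python
import http.server
import socket
import tempfile
import threading
from functools import partial
from pathlib import Path
from urllib import error, request

CHALLENGE_DIR = ".well-known/acme-challenge"
OPENER = request.build_opener(request.ProxyHandler({}))  # bypass any proxy

def probe_http01(host, port, token, expected, timeout=5.0):
    """Fetch a challenge file over plain HTTP and report which layer failed."""
    url = f"http://{host}:{port}/{CHALLENGE_DIR}/{token}"
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            body = resp.read().decode().strip()
    except error.HTTPError as exc:
        return f"http-{exc.code}"  # TCP works; check the nginx location/root
    except (error.URLError, socket.timeout) as exc:
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, ConnectionRefusedError):
            return "refused"  # nothing listening or forwarding on that port
        return "timeout" if isinstance(reason, socket.timeout) else "unreachable"
    return "ok" if body == expected else "wrong-content"

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass

def demo():  # constructed local stand-in: a served webroot and a closed port
    with tempfile.TemporaryDirectory() as webroot:
        token = Path(webroot, CHALLENGE_DIR, "probe-token")
        token.parent.mkdir(parents=True)
        token.write_text("probe-value")
        server = http.server.ThreadingHTTPServer(
            ("127.0.0.1", 0), partial(QuietHandler, directory=webroot))
        threading.Thread(target=server.serve_forever, daemon=True).start()
        with socket.socket() as s:  # reserve a port number, then release it
            s.bind(("127.0.0.1", 0))
            closed = s.getsockname()[1]
        probe = partial(probe_http01, "127.0.0.1")
        try:
            return {"served": probe(server.server_port, "probe-token", "probe-value"),
                    "missing": probe(server.server_port, "absent", "x"),
                    "closed": probe(closed, "probe-token", "x")}
        finally:
            server.shutdown()
            server.server_close()
```

Against a real setup the probe is only meaningful when run from a host outside the network, pointed at port 80 of the domain, with a test file placed in the webroot (/var/www/certbot in the compose file above).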

MikeMcQ, Thank you heaps for the very specific suggestions.
As of 5 minutes ago I have a solution and the test you sent reruns without any error.

I ended up abandoning trying to put nginx and certbot inside containers. There are just no coherent instructions for this as of Sept 2024. Plenty of 'instructions' but lots are undated and anything over 1 or 2 years old seems to just not work!

A vanilla install of nginx then let certbot install and fix/adjust the nginx settings as it gets the certificates and the base is working. Then it took the rest of the day to configure/'beat up' Homeassistant (which has to run in a docker container) to use these certificates.

So your suggestion to start from the outside and work inwards was what I needed to get the focus right.

Tomorrow I get to repeat the exercise with the production device.
Thanks again
JC

3 Likes
