Challenge did not pass: Connection refused

vcliew13 · February 13, 2019, 2:10am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
webmin.yriver-tech.com

I ran this command:
I request certificate from Webmin Configuration > Let’s Encryp > Request Certificate

It produced this output:
webmin.yriver-tech.com challenge did not pass: Fetching http://webmin.yriver-tech.com/.well-known/acme-challenge/fxh1geix1L7ECmXKWDFzpY5ngVaWrSk0JtKs9YCZ9-s: Connection refused

My web server is (include version):
Webmin version 1.900

The operating system my web server runs on is (include version):
Webmin version 1.900

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
I can login to the Webmin admin with root and alternate root

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

rg305 · February 13, 2019, 2:48am

This shows me that port 80 is not responding to LE requests.
[perhaps blocked by the ISP or firewall]

Which I can confirm from my own system:

wget http://webmin.yriver-tech.com/.well-known/acme-challenge/1234
--2019-02-13 02:44:35--  http://webmin.yriver-tech.com/.well-known/acme-challenge/1234
Resolving webmin.yriver-tech.com (webmin.yriver-tech.com)... 18.222.173.190
Connecting to webmin.yriver-tech.com (webmin.yriver-tech.com)|18.222.173.190|:80... failed: Connection timed out.
Retrying.

To make things worse, even port 443 is unresponsive/blocked.

Now I'm thinking Geo-Location blocking is in enabled.

You would have to allow at least port 80 access to validate the cert.
OR use something like DNS validation.
[if this is a very restricted system]

vcliew13 · February 13, 2019, 4:52am

Hi rg305

I tried with DNS Validation but receive below error. Can you help?

Requesting a new certificate for webmin01.yriver-tech.com, using DNS validation …

… request failed : Neither DNS zone webmin01.yriver-tech.com or any of its sub-domains exist on this system

rg305 · February 13, 2019, 3:48pm

DNS validation would require a TXT record be created in the Internet zone for the FQDN as:
_acme-challenge.webmin01.yriver-tech.com

The authoritative DNS server is at IP 3.16.89.140:
nslookup -q=ns yriver-tech.com
ns1.yriver-tech.com internet address = 3.16.89.140
ns2.yriver-tech.com internet address = 3.16.89.140

Unfortunately I’m not familiar with how to instruct Webmin to handle DNS authentication.

system · March 15, 2019, 3:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.