Connection refused with certbot

Hi,

Since yesterday, without any apparent reason, my domains have stopped responding.

My DNS zone doesn’t have any changes; my A record for cloud.asketic.ovh points to 92.58.25.208.

I have tried ping & traceroute, but I don’t know if it is correct to run them from the LAN or if it is better to run them from outside.

I have checked the router, where there have been no changes.

I show an image here because some time ago my ISP changed my router and I found that the new router is different (the NAT section includes a new zone for IPv6) and I don’t know if it is well configured (although until now it has worked well):

I thought the proxy machine could be corrupt, so I have raised another machine for the proxy with nginx (like the one I had) and I have copied the virtualhosts, I have installed certbot & python-certbot-nginx, and I am trying to create the certificates.

But when I try to obtain the certificate I get the following error:

root@proxy:/etc/nginx/sites-available# certbot --nginx -d cloud.asketic.ovh
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for cloud.asketic.ovh
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. cloud.asketic.ovh (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: cloud.asketic.ovh
    Type: connection
    Detail: Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    root@proxy:/etc/nginx/sites-available#

I have also tried to run a test (and obtain some result):

root@proxy:/etc/nginx/sites-available# certbot certonly --test-cert --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel):cloud.asketic.ovh
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for cloud.asketic.ovh
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. cloud.asketic.ovh (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: cloud.asketic.ovh
    Type: connection
    Detail: Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    root@proxy:/etc/nginx/sites-available#

Now I don’t know what the problem can be.

Any ideas, please?

thanks

There is no response to cloud.asketic.ovh on port 443 nor on port 80

Hi there,

I’m a friend of jonabasque and we are trying to make it work. rg305, we suppose that you have tried to access cloud.asketic.ovh via a browser. Can you execute the winmtr (if you are on Windows) or mtr (if you are on Ubuntu) commands and post the results that you obtain with them in this topic? And with the traceroute command if you can, please. We tried them (“mtr cloud.asketic.ovh” and “traceroute cloud.asketic.ovh”) and we only obtain our public IP.

Thanks for your help

I am seeing that site working right now, so maybe you’ve figured out the problem already?

Yes, it is solved. It was a problem with the router, which was misconfigured. We changed some parameters in the NAT/PAT section of the device and then the website worked well. Thanks for your help checking the site from outside our environment.

Regards
