Connection refused and I don't know how to troubleshoot

My domain is: rcentrala.ddns.net

I ran this command: sudo certbot certonly --standalone

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): rcentrala.ddns.net:18080
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for rcentrala.ddns.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. rcentrala.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: 84.117.138.115: Fetching http://rcentrala.ddns.net/.well-known/acme-challenge/aPfXXgl1vYWfFWN6HuyGlUY6FbmbIcGn1nul2ah9DTM: Connection refused

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: rcentrala.ddns.net
   Type:   connection
   Detail: 84.117.138.115: Fetching
   http://rcentrala.ddns.net/.well-known/acme-challenge/aPfXXgl1vYWfFWN6HuyGlUY6FbmbIcGn1nul2ah9DTM:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): CrowCpp (you can find it on GitHub)

The operating system my web server runs on is (include version): Debian 10 (on Raspberry Pi Zero W)

My hosting provider, if applicable, is: no-ip (it's a free domain)

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

Hi @Iuliean, and welcome to the LE community forum.

You must have a working HTTP site before it can be secured using HTTP-01 authentication.


But @Iuliean is using --standalone, where this is not a requirement (because Certbot would make its own HTTP server).

I'm surprised that Certbot accepted the :18080 in this input—maybe we changed that later so it doesn't?

In order to use --standalone this way, you do need to be able to accept incoming connections on port 80, as seen by the rest of the Internet, and they need to be forwarded to port 80 on your server. Do you have a router or firewall that is doing port forwarding? If so, has port 80 been forwarded to your server? If you're using a residential ISP here, do you know if your ISP allows incoming connections on port 80?

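A pre-check for the port-80 requirement described above, as an added example that is not part of the original thread or of Certbot: it serves a constructed token at the HTTP-01 challenge path and classifies what a client reaching that port sees. The names `serve_token` and `probe` and the token value are assumptions made for this illustration.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

TOKEN = "constructed-precheck-token"  # constructed sample, not a real ACME token
PATH = "/.well-known/acme-challenge/" + TOKEN


class _Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        found = self.path == PATH
        body = TOKEN.encode() if found else b"not found"
        self.send_response(200 if found else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the console quiet
        pass


def serve_token(bind="0.0.0.0", port=80):
    """Start a throwaway listener on the server (binding port 80 needs root)."""
    srv = http.server.ThreadingHTTPServer((bind, port), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host, port=80, timeout=5.0):
    """Fetch the token URL directly (no proxy) and classify the outcome."""
    url = f"http://{host}:{port}{PATH}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return "ok" if resp.read().decode() == TOKEN else "wrong-content"
    except urllib.error.HTTPError as exc:  # another web server answered instead
        return f"http-{exc.code}"
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ConnectionRefusedError):
            return "refused"  # nothing listening, or the forward hits a closed port
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout"  # packets dropped: firewall or ISP filtering
        return f"error: {exc.reason}"
    except (socket.timeout, TimeoutError):
        return "timeout"
```

Run `serve_token()` on the server and `probe("your.hostname")` from a machine outside your network, since many routers do not loop a request for the public address back to the LAN. A result of `refused` matches the error in the Certbot output above.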

I'm not able to test for v0.31.0, but current Certbot versions simply drop the port from the URI and use the hostname.


I am not sure what happened but I think it was a port forwarding problem.
I had port 18080 forwarded and port 80 and 443 external mapped to 18080 internal and that may have confused things a bit.