Connection refused. Don't know why

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cuttinej.com

I ran this command: certbot --apache

It produced this output:
IMPORTANT NOTES:

My web server is (include version): Apache2 (2.4.38-3+deb10u3)

The operating system my web server runs on is (include version):Raspian (Buster)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I can login a s a sudo user and switch to root when necessary.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I can connect to the web server in the browser by typing in cuttinej.com or www.cuttinej.com. Dynamic IP on the router and static on the server. Port 80 forwarded to 80 and 443 to 443 on the router. Everything is working. Or so it seems. But the certificate installation fails.

That’s strange…

Are you stopping Apache before running Certbot?

What else does Certbot output?

Do Certbot or Apache’s logs show any errors?

That’s about it. All from the command line. The only thing I could think of was maybe the firewall, but I completely disabled it for a minute and got the same results. Apache is running. I haven’t worked with Apache (or any of this) for quite a while. If you can help me narrow it down a bit I can attach the log files. This is pretty much all I’ve done except for installing NextCloud.

Not sure If we’ll even get anything from the apache logs since the connection is being refused… Can you check your ufw config & make sure 80 & 443 are set to allow traffic? also post the results of netstat -plnt

What I get:

[root@Revan:~]# curl -ILv http://cuttinej.com/.well-known/acme-challenge/fOt2rnm7j-Spe2gIz9iFOEOQWev547RgHszWnP7Aghk:
*   Trying 73.3.34.84...
* TCP_NODELAY set
* connect to 73.3.34.84 port 80 failed: Connection refused
* Failed to connect to cuttinej.com port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to cuttinej.com port 80: Connection refused


[root@Revan:~]# curl -ILv cuttinej.com
* Rebuilt URL to: cuttinej.com/
*   Trying 73.3.34.84...
* TCP_NODELAY set
* connect to 73.3.34.84 port 80 failed: Connection refused
* Failed to connect to cuttinej.com port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to cuttinej.com port 80: Connection refused

Ah? For me, I could access the site half an hour ago, but I also get connection refused now.

I restarted Apache and this time the certificate installed just fine. Don’t know why.

One of my systems still gets connection refused.

Another one, that hadn’t connected to your site before, works.

Could you have some kind of anti-abuse rate limiting thing that temporarily or permanently blocks iPs?

Not sure of a couple of things right now. I had to manually add a host to my config file for NextCloud to be able to connect at all, but it still shows a warning in the address bar as an untrusted host on https.

Ok, so here’s where this stands. For reasons unknown, the certificate installed after restarting apache2. I don’t know why since the whole system is fresh today and I had just rebooted prior to trying to get the certificate. I’m still having a couple of issues with the site showing up as untrusted, but I’ll submit a separate topic to try to deal with that. Thank you to everyone who offered help. Consider this topic closed.