Connection refused, standalone


#1

I’m getting connection refused and none of the other posts dealing with this issue have helped me so far. Port 80 is clear. I run a spring boot application and am able to access at adajeinc.com with no issue. The app is not currently running. I’m using a virtual machine.

Thanks in advance

My domain is: adajeinc.com

I ran this command: sudo certbot certonly --standalone -d adajeinc.com --debug-challenges --verbose

It produced this output (I am unable to paste the full output because it apparently has more than 20 links):

Reporting to user: The following errors were reported by the server:

Domain: adajeinc.com
Type: connection
Detail: Fetching http://adajeinc.com/.well-known/acme-challenge/LbFEkOoZqIXz8bhro9xuyLn0uCzp3v2smvhCsCzE9iU: Connection refused

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. adajeinc.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://adajeinc.com/.well-known/acme-challenge/LbFEkOoZqIXz8bhro9xuyLn0uCzp3v2smvhCsCzE9iU: Connection refused

Calling registered functions
Cleaning up challenges
Stopping server at :::80…
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. adajeinc.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://adajeinc.com/.well-known/acme-challenge/LbFEkOoZqIXz8bhro9xuyLn0uCzp3v2smvhCsCzE9iU: Connection refused
Failed authorization procedure. adajeinc.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://adajeinc.com/.well-known/acme-challenge/LbFEkOoZqIXz8bhro9xuyLn0uCzp3v2smvhCsCzE9iU: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: adajeinc.com
    Type: connection
    Detail: Fetching
    http://adajeinc.com/.well-known/acme-challenge/LbFEkOoZqIXz8bhro9xuyLn0uCzp3v2smvhCsCzE9iU:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): There is no web server running but I am able to run one and have verified it can be accessed over port 80

The operating system my web server runs on is (include version): ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Results of port scan:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-24 04:25 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:25
Completed NSE at 04:25, 0.00s elapsed
Initiating NSE at 04:25
Completed NSE at 04:25, 0.00s elapsed
Initiating Ping Scan at 04:25
Scanning 4.15.170.226 [2 ports]
Completed Ping Scan at 04:25, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 04:25
Completed Parallel DNS resolution of 1 host. at 04:25, 0.03s elapsed
Initiating Connect Scan at 04:25
Scanning 4.15.170.226 [1000 ports]
Discovered open port 3389/tcp on 4.15.170.226
Completed Connect Scan at 04:25, 6.49s elapsed (1000 total ports)
Initiating Service scan at 04:25
Scanning 1 service on 4.15.170.226
Completed Service scan at 04:26, 11.08s elapsed (1 service on 1 host)
NSE: Script scanning 4.15.170.226.
Initiating NSE at 04:26
Completed NSE at 04:26, 0.13s elapsed
Initiating NSE at 04:26
Completed NSE at 04:26, 0.00s elapsed
Nmap scan report for 4.15.170.226
Host is up (0.022s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
80/tcp closed http
3389/tcp open ms-wbt-server Microsoft Terminal Services
| ssl-cert: Subject: commonName=DSilva
| Issuer: commonName=DSilva
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-03-12T14:22:20
| Not valid after: 2019-09-11T14:22:20
| MD5: 696c fed9 22a5 5258 2cb8 87d3 f27a 3f99
|_SHA-1: 9fa1 479e 8936 97cd bd37 2d82 47b4 3ff0 1b39 d4d2
|_ssl-date: 2019-03-24T08:26:07+00:00; -1s from scanner time.
8080/tcp closed http-proxy
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: -1s, deviation: 0s, median: -1s

NSE: Script Post-scanning.
Initiating NSE at 04:26
Completed NSE at 04:26, 0.00s elapsed
Initiating NSE at 04:26
Completed NSE at 04:26, 0.00s elapsed
Read data files from: /usr/local/bin/…/share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.41 seconds


#2

Hi @jrs

checking your config there are some curious things ( https://check-your-website.server-daten.de/?q=adajeinc.com ):

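| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| adajeinc.com | A | 4.15.170.226 | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.adajeinc.com | C | ghs.googlehosted.com | yes | 1 | 0 |
| | A | 172.217.168.211 | yes | | |
| | AAAA | 2a00:1450:400e:80c::2013 | yes | | |
| www.adajeinc.com | A | 172.217.16.179 | no | | |
| ghs.googlehosted.com | A | 172.217.16.179 | no | | |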

The non-www goes to 4.15.170.226, but that

Domainname Http-Status redirect Sec. G
http://adajeinc.com/
4.15.170.226 -2 6.736 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 4.15.170.226:80
http://www.adajeinc.com/
172.217.16.179 404 0.103 M
Not Found
http://www.adajeinc.com/
172.217.168.211 404 0.080 M
Not Found
http://www.adajeinc.com/
2a00:1450:400e:80c::2013 404 0.094 M
Not Found
https://adajeinc.com/
4.15.170.226 -14 10.033 T
Timeout - The operation has timed out

looks like an active blocking.

If there is no application, I would expect a simple timeout (~ 10 seconds).

The https with that ip address has that simple timeout.

And your error (connection refused) is ~~ the same.

You can ignore the other things if you don’t want to create a certificate with www. But if www has a dns entry, you should create a certificate with both domain names.


#3

Thanks for the response and for pointing me to check-your-website. Looks like the issue is on my end.


#4

I now get timeout on port 80 but still same error from certbot, any ideas?

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: adajeinc.com
    Type: connection
    Detail: Fetching
    http://adajeinc.com/.well-known/acme-challenge/jIzTsXugXnFQEX6hGwd55sJZ-pE3toiWXYWGEI0-Quo:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.


#5

Your port 80 is closed.

Your last check ( https://check-your-website.server-daten.de/?q=adajeinc.com ):

http://adajeinc.com/
4.15.170.226 -2 6.734 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 4.15.170.226:80

Is there a Windows firewall? That’s a typical firewall result.
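
Replies #2 and #5 separate an actively refused connection from a silent timeout; the script below checks which of the two each resolved A/AAAA address gives on port 80. It is an added example, not part of the original posts, and the names `probe`, `probe_all` and `MEANING` are hypothetical.

```python
"""Added example: classify how a TCP port answers, per resolved address."""
import socket
import sys

# Interpretation follows the thread: a refusal and a timeout point at
# different layers between the CA's validation server and the client.
MEANING = {
    "open": "a listener accepted the connection; HTTP-01 can reach this address",
    "refused": "a reset came back: nothing listens where the packet landed, "
               "or a host firewall/NAT device in front rejects it",
    "timeout": "packets are dropped silently, typical of a filtering firewall",
    "unreachable": "no route to this address from the probing machine",
}

def probe(sockaddr, family, timeout=3.0):
    """Attempt one TCP connect and name the outcome."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "timeout"
        except OSError:
            return "unreachable"

def probe_all(host, port=80, timeout=3.0):
    """Probe every A/AAAA address of host, since validation may use any of them."""
    results = {}
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    for family, _type, _proto, _name, sockaddr in infos:
        results[sockaddr[0]] = probe(sockaddr, family, timeout)
    return results

if __name__ == "__main__":
    # Usage: python3 probe80.py <domain>   (run while the standalone
    # listener or web server is up, from a machine outside the network)
    for ip, state in probe_all(sys.argv[1]).items():
        print(f"{ip}:80 {state} - {MEANING[state]}")
```

A result taken from the server itself or from inside the same LAN does not pass through the perimeter firewall or NAT, so it says nothing about what the validation server sees.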

