Connection Refused when issuing new certificate


#1

My domain is: diabisa-api.siloamhospitals.com

I ran this command: sudo certbot certonly --standalone -d diabisa-api.siloamhospitals.com

It produced this output:
Failed authorization procedure. diabisa-api.siloamhospitals.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://diabisa-api.siloamhospitals.com/.well-known/acme-challenge/Wkn9ZG4-K-TmbnCllpyQnDmsB39zG65HcJnpQHz0i0U: Connection refused

IMPORTANT NOTES:

My web server is (include version): Nginx 1.14.0
The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: Microsoft Azure

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes (azure portal)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0


#2

Hi @dss

If you use --standalone, certbot starts its own webserver to answer the request of /.well-known/acme-challenge/file-with-random-name.

It looks like this doesn’t work - connection refused.

But checking your domain ( https://check-your-website.server-daten.de/?q=diabisa-api.siloamhospitals.com )

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://diabisa-api.siloamhospitals.com/ 103.106.81.136 | 200 | | 0.400 | H |
| https://diabisa-api.siloamhospitals.com/ 103.106.81.136 | -2 | | 1.640 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 103.106.81.136:443 | | | | |
| http://diabisa-api.siloamhospitals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 103.106.81.136 | 404 | | 0.430 | A |
| Not Found | | | | |

the result is good. Port 80 is open, /.well-known/acme-challenge/unknown-file sends the expected http status 404 - Not Found.

X-Powered-By: Express

Do you have a webroot?

If yes, use it:

certbot certonly -a webroot -w yourWebRoot -d diabisa-api.siloamhospitals.com

#3

Following your suggestion, we have tried the steps outlined in this documentation: https://medium.com/@yash.kulshrestha/using-lets-encrypt-with-express-e069c7abe625

But we still got the same error: Connection refused

Any thoughts?


#4

Create a file in /.well-known/acme-challenge, file name 1234 and try to load this file with your browser:

http://diabisa-api.siloamhospitals.com/.well-known/acme-challenge/1234

#5

I have created the file and uploaded it. However, when I try to access it, I got connection refused as well.


#6

Oh, checking

http://diabisa-api.siloamhospitals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

with my browser -> connection refused.

Is there a firewall? Or does your webserver have problems handling http errors?

My earlier window loading

http://diabisa-api.siloamhospitals.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

in my browser showed

Error: Failed to lookup view "error" in views directory "/home/adminapp/diabetic-backend/views"
    at Function.render (/home/adminapp/diabetic-backend/node_modules/express/lib/application.js:580:17)
    at ServerResponse.render (/home/adminapp/diabetic-backend/node_modules/express/lib/response.js:1008:7)
    at app.use (/home/adminapp/diabetic-backend/server.js:59:9)
    at Layer.handle_error (/home/adminapp/diabetic-backend/node_modules/express/lib/router/layer.js:71:5)
    at trim_prefix (/home/adminapp/diabetic-backend/node_modules/express/lib/router/index.js:315:13)
    at /home/adminapp/diabetic-backend/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/home/adminapp/diabetic-backend/node_modules/express/lib/router/index.js:335:12)
    at next (/home/adminapp/diabetic-backend/node_modules/express/lib/router/index.js:275:10)
    at app.use (/home/adminapp/diabetic-backend/server.js:48:5)
    at Layer.handle [as handle_request] (/home/adminapp/diabetic-backend/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/home/adminapp/diabetic-backend/node_modules/express/lib/router/index.js:317:13)
    at /home/adminapp/diabetic-backend/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/home/adminapp/diabetic-backend/node_modules/express/lib/router/index.js:335:12)
    at next (/home/adminapp/diabetic-backend/node_modules/express/lib/router/index.js:275:10)
    at SendStream.error (/home/adminapp/diabetic-backend/node_modules/serve-static/index.js:121:7)
    at emitOne (events.js:116:13)
    at SendStream.emit (events.js:211:7)
    at SendStream.error (/home/adminapp/diabetic-backend/node_modules/send/index.js:270:17)
    at SendStream.onStatError (/home/adminapp/diabetic-backend/node_modules/send/index.js:421:12)
    at next (/home/adminapp/diabetic-backend/node_modules/send/index.js:736:16)
    at onstat (/home/adminapp/diabetic-backend/node_modules/send/index.js:725:14)
    at FSReqWrap.oncomplete (fs.js:152:21)

So it looks like your error handling was wrong - and now it returns a refused.


#7

I have opened ports 80 and 443 as well, so I think the firewall is not the issue anymore.

When it shows error: failed to lookup view “error”, that must be my false error handling. You don’t have to worry about it. I have turned off the server and it should not show this output anymore.

From what I know, I need to turn off the server first so certbot can bind port 80. Is this right?


#8

Now I can’t connect to your server.

If you use standalone, yes, you have to stop your running webserver. But then it’s impossible to check your configuration, because this is a temporary running webserver.

So using a running webserver and webroot allows better debugging and tests.
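
The file check from post #4 and the stopped-server case from posts #7 and #8, as an added example that is not part of the original thread: it serves a constructed test file from a temporary webroot on a loopback port and classifies each fetch as a served file, a 404, or a refused connection. The names `probe` and `selftest` and the file body `probe-1234` are assumptions made for this illustration.

```python
import functools, http.server, pathlib, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"
# Ignore proxy environment variables so the probe talks to the host directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging in the demo
        pass

def probe(url, expected=None, timeout=5):
    """Fetch a challenge URL and classify the result like the checks in the thread."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            body = resp.read().decode()
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"        # a web server answered, e.g. 404 Not Found
    except (urllib.error.URLError, OSError) as exc:
        if isinstance(getattr(exc, "reason", exc), ConnectionRefusedError):
            return "connection-refused"  # nothing accepted the connection on that port
        return "unreachable"             # timeout, DNS failure, silently dropped packets
    return "ok" if expected in (None, body) else "wrong-body"

def selftest():
    """Constructed scenario: temporary webroot on a loopback port, then stopped."""
    results = {}
    with tempfile.TemporaryDirectory() as webroot:
        challenge = pathlib.Path(webroot, CHALLENGE_DIR)
        challenge.mkdir(parents=True)
        (challenge / "1234").write_text("probe-1234")   # test file as in post #4
        handler = functools.partial(QuietHandler, directory=webroot)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}/{CHALLENGE_DIR}"
        results["file"] = probe(f"{base}/1234", "probe-1234")
        results["missing"] = probe(f"{base}/unknown-file")
        server.shutdown()        # web server stopped, as before a --standalone run
        server.server_close()
        results["stopped"] = probe(f"{base}/1234", "probe-1234")
    return results

if __name__ == "__main__":
    for name, outcome in selftest().items():
        print(f"{name:8} {outcome}")
```

Against a real host, run `probe()` on the public `http://` URL of the test file from a machine outside the server's network, since a fetch from the server itself does not pass through the cloud firewall rules.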

