Connection refused with right DNS

Hello fellows,
First of all - I have checked all questions on this topic and nothing has worked, so posting here.
My DNS is right - DNS Checker - DNS Propagation Check & DNS Lookup -> the IP is as it should be - 46.101.110.188

My domain is: izberi.site

I ran this command:

sudo certbot --nginx -d izberi.site -d www.izberi.site

It produced this output:

(...)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: izberi.site
   Type:   connection
   Detail: Fetching
   http://izberi.site/.well-known/acme-challenge/MywSvfeJLQ07NRyoV2PwMvd1EXTJ7RzsjuUuY9_sJnY:
   Connection refused

   Domain: www.izberi.site
   Type:   connection
   Detail: Fetching
   http://www.izberi.site/.well-known/acme-challenge/TM_gxtpjwzz6Xiz9M9V235yci6qjHwH8xEUX90_buzU:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): Ubuntu 18.04 - Droplet by Dig. Ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

certbot --version -> certbot 0.27.0

Best Regards,
ykostov

1 Like

I can't connect to your site via HTTP:

curl -Iki http://izberi.site/
curl: (56) Recv failure: Connection reset by peer

A working website is required before certbot can use HTTP authentication.

1 Like

That's an extremely old version of certbot, and while that isn't the direct cause of your problem, you should come up with a way to update it.

But to your actual problem, as @rg305 says, to use certbot that way, you'd need to have nginx up and running, and accessible from the outside world. Make sure any firewall on your droplet, as well as in your DigitalOcean control panel, allows (at least) port 80, and (hopefully) also port 443.

2 Likes

Welcome to the Let's Encrypt Community, ykostov

I concur with @rg305's findings.

You can test ports 80 (http) and 443 (https) using the following tool (by putting your domain name in the box rather than an IP address):

https://www.yougetsignal.com/tools/open-ports/

1 Like

OK so there's some crazy stuff going on here....

PORT    STATE    SERVICE
22/tcp  filtered ssh
80/tcp  closed   http
443/tcp closed   https

@danb35 @rg305 and @griffin have pointed out some of the anomalies here.
Do you want a website or not?
Why have a project that no one can see... baffles me.
Open port 80 and 443 (22 is optional, sorta).
What's really going on here?
Let's go!

2 Likes
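
Added example, not part of any post in this thread: a Python pre-flight check that tells apart the failure modes seen above ("Connection refused", "Connection reset by peer", closed versus filtered ports) on port 80 before certbot's HTTP challenge is attempted. The function names, advice strings and the `example.com` default are assumptions of this example; run it from a machine outside the server's own network so firewalls are actually exercised.

```python
import socket
import sys

def probe_http(host, port=80, timeout=3.0):
    """Classify how host:port answers a plain HTTP request.

    'closed'   - TCP RST on connect ("Connection refused")
    'filtered' - no answer before the timeout (packets dropped)
    'reset'    - TCP connects, then the peer resets or hangs up without replying
    'http'     - an HTTP status line came back
    Name resolution and routing errors are raised to the caller unchanged.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    with sock:
        try:
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(64)
        except (ConnectionResetError, BrokenPipeError):
            return "reset"
        except socket.timeout:
            return "filtered"
    return "http" if reply.startswith(b"HTTP/") else "reset"

# Advice strings are this example's wording, mapped to the causes named in the thread.
ADVICE = {
    "closed": "nothing is listening (or a firewall rejects the port): start nginx",
    "filtered": "packets are dropped: allow the port in the host and cloud firewalls",
    "reset": "connection accepted then dropped: check the web server or a proxy in front",
    "http": "reachable: an HTTP validation request can get through",
}

def preflight(host, port=80, timeout=3.0):
    """Return (state, advice) for the port the HTTP challenge is fetched from."""
    state = probe_http(host, port, timeout)
    return state, ADVICE[state]

if __name__ == "__main__":
    # example.com is a placeholder; pass the real domain as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(target, 80, *preflight(target, 80))
```

A result of `http` only shows that port 80 answers; the challenge file itself still has to be served by the web server.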
