Connection refused with right DNS

Hello fellows,
First of all - I have checked all questions on this topic and nothing have worked, so posting here :slight_smile: .
My DNS are right - DNS Checker - DNS Propagation Check & DNS Lookup -> the IP is as it should be -

My domain is:

I ran this command:

sudo certbot --nginx -d -d

It produced this output:


 - The following errors were reported by the server:

   Type:   connection
   Detail: Fetching
   Connection refused

   Type:   connection
   Detail: Fetching
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): Ubuntu 18.04 - Droplet by Dig. Ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

certbot --version -> certbot 0.27.0

Best Regards,

1 Like

I can't connect to your site via HTTP:

curl -Iki
curl: (56) Recv failure: Connection reset by peer

A working website is required before certbot can use HTTP authentication.

1 Like

That's an extremely old version of certbot, and while that isn't the direct cause of your problem, you should come up with a way to update it.

But to your actual problem, as @rg305 says, to use certbot that way, you'd need to have nginx up and running, and accessible from the outside world. Make sure any firewall on your droplet, as well as in your DigitalOcean control panel, allows (at least) port 80, and (hopefully) also port 443.


Welcome to the Let's Encrypt Community, ykostov :slightly_smiling_face:

I concur with @rg305's findings.

You can test ports 80 (http) and 443 (https) using the following tool (by putting your domain name in the box rather than an IP address):

1 Like

OK so there's some crazy stuff going on here....

22/tcp  filtered ssh
80/tcp  closed   http
443/tcp closed   https

@danb35 @rg305 and @griffin have pointed out some of the anomalies here.
Do you want a website or not?
Why have a project that no one can see... baffles me.
Open Port 80, and 443 (22 is optional sorta)
Whats really going on here?
Lets go!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.