Connection refused

Hello,
we have been renewing certificates for several years, but recently it started to return a "connection refused" error. We checked the ports: 443 and 80 are reachable. The file is also reachable via a web browser.
Any suggestions please?

My domain is: mystery-home-shop.com

We’re usually not managing networks, so nothing is supposed to change on the firewalls unless the hosting company changes something.

I ran this command: /root/opt/letsencrypt/letsencrypt-auto certonly --renew-by-default --email info@idventure.de -a manual -d mystery-home-shop.com

It produced this output:
Challenge failed for domain mystery-home-shop.com
http-01 challenge for mystery-home-shop.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mystery-home-shop.com
    Type: connection
    Detail: Fetching
    https://mystery-home-shop.com/.well-known/acme-challenge/KBbD3oeGv2broZwOwkRavuM3DA8xZiJRSdfoq2TEJqU:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Hi @shtirlic

you have IPv4 and IPv6 addresses ( https://check-your-website.server-daten.de/?q=mystery-home-shop.com ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| mystery-home-shop.com | A | 88.99.87.195 | yes | 1 | 0 |
| | AAAA | 2a01:4f8:c17:6a9c::2 | yes | | |
| www.mystery-home-shop.com | A | 88.99.87.195 | yes | 1 | 0 |
| | AAAA | 2a01:4f8:c17:6a9c::2 | yes | | |

But your http + ipv6 doesn't work:

| Domainname | IP | Http-Status | redirect | Sec. | G | Details |
|---|---|---|---|---|---|---|
| http://mystery-home-shop.com/ | 88.99.87.195 | 301 | https://mystery-home-shop.com/ | 0.047 | A | |
| http://www.mystery-home-shop.com/ | 88.99.87.195 | 301 | https://mystery-home-shop.com/ | 0.046 | E | |
| http://mystery-home-shop.com/ | 2a01:4f8:c17:6a9c::2 | -2 | | 1.077 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it [2a01:4f8:c17:6a9c::2]:80 |
| http://www.mystery-home-shop.com/ | 2a01:4f8:c17:6a9c::2 | -2 | | 1.097 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it [2a01:4f8:c17:6a9c::2]:80 |
| https://www.mystery-home-shop.com/ | 88.99.87.195 | 301 | http://mystery-home-shop.com/ | 0.264 | N | Certificate error: RemoteCertificateNameMismatch |
| https://mystery-home-shop.com/ | 88.99.87.195 | 200 | | 0.856 | I | |
| https://mystery-home-shop.com/ | 2a01:4f8:c17:6a9c::2 | -2 | | 1.094 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it [2a01:4f8:c17:6a9c::2]:443 |
| https://www.mystery-home-shop.com/ | 2a01:4f8:c17:6a9c::2 | -2 | | 1.093 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it [2a01:4f8:c17:6a9c::2]:443 |
| http://mystery-home-shop.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 88.99.87.195 | 301 | https://mystery-home-shop.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.047 | A | Visible Content: Moved Permanently The document has moved here . |
| http://www.mystery-home-shop.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 88.99.87.195 | 301 | https://mystery-home-shop.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.046 | E | Visible Content: Moved Permanently The document has moved here . |
| http://mystery-home-shop.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2a01:4f8:c17:6a9c::2 | -2 | | 1.060 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it [2a01:4f8:c17:6a9c::2]:80 |
| http://www.mystery-home-shop.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2a01:4f8:c17:6a9c::2 | -2 | | 1.080 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it [2a01:4f8:c17:6a9c::2]:80 |

Looks like your port 80 / IPv6 isn't configured or is blocked by a firewall.

That's critical, because Let's Encrypt prefers IPv6.

So

  • check your firewall settings and check whether IPv6 is configured (or)
  • remove the ipv6 AAAA entry, create a certificate, then fix your ipv6
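The per-address check described in the answer above, as an added example (not part of the original thread and not Certbot code): it probes every published A and AAAA address on its own, without the IPv4 fallback a browser performs, which is how a file can load in a browser while the validation request is refused. The function names are illustrative, and the sample in `__main__` is constructed from the addresses reported in this thread.

```python
import socket
import sys

def resolve(host, port=80):
    """Return sorted (family, address) pairs for every A and AAAA record."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({("IPv6" if fam == socket.AF_INET6 else "IPv4", sa[0])
                   for fam, _, _, _, sa in infos
                   if fam in (socket.AF_INET, socket.AF_INET6)})

def tcp_probe(address, port, timeout=5.0):
    """Connect to one literal address; return 'open' or the failure reason."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"

def check(addresses, ports=(80, 443), probe=tcp_probe):
    """Probe every published address on every port, with no family fallback."""
    return {(fam, addr, port): probe(addr, port)
            for fam, addr in addresses for port in ports}

def findings(results):
    """Describe each published address/port that does not accept connections."""
    bad = [f"{fam} {addr} port {port}: {state}"
           for (fam, addr, port), state in sorted(results.items())
           if state != "open"]
    if any(fam == "IPv6" and port == 80 and state != "open"
           for (fam, _, port), state in results.items()):
        bad.append("AAAA is published but IPv6 port 80 is unreachable: "
                   "fix IPv6 or remove the AAAA record before renewing")
    return bad

if __name__ == "__main__":
    if len(sys.argv) > 1:   # live check of a host you operate
        results = check(resolve(sys.argv[1]))
    else:                   # constructed sample mirroring the report in this thread
        sample = [("IPv4", "88.99.87.195"), ("IPv6", "2a01:4f8:c17:6a9c::2")]
        results = check(sample, probe=lambda a, p: "refused" if ":" in a else "open")
    print("\n".join(findings(results)) or "all published addresses reachable")
```

Run it with a hostname as the only argument to probe that host's published addresses; with no argument it prints the findings for the constructed sample.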

Thank you @JuergenAuer, we will have a look into it!
