Connection reset by peer Error

I’m trying to configure on my server, I have full access to ir and my domain is correctly published and responding to my own IP.

My domain is: ajsantos.com.br

I ran this command: certbot --apache

It produced this output: Waiting for verification…
Challenge failed for domain ajsantos.com.br
http-01 challenge for ajsantos.com.br
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: ajsantos.com.br
    Type: connection
    Detail: Fetching
    http://ajsantos.com.br/.well-known/acme-challenge/-50uqRD-0DEFAFge9rbSFa37bGM68rkHb4kFhBUwcEY:
    Connection reset by peer

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux 7

My hosting provider, if applicable, is: Embratel/Claro Brazil

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.6.0

1 Like

Hi @lucioacsantos

there is a check of your domain, some hours old - https://check-your-website.server-daten.de/?q=ajsantos.com.br

http and http + /.well-known/acme-challenge/random-filename works, the expected result http status 404 - Not Found.

So if Letsencrypt has that "Connection reset by peer" error, you may have a blocking firewall or something else. May be a regional filter.

2 Likes

I have tried using the --manual parameter, certbot run -a manual -i apache -d ajsantos.com.br -d www.ajsantos.com.br, but had the same error while trying to connect.

Domain: ajsantos.com.br
Type: connection
Detail: Fetching
http://ajsantos.com.br/.well-known/acme-challenge/Kf1gDlRcER36pADA57Xpr3JJk_VDgTdE4d1WbfW92Vc:
Connection reset by peer

This URL is fully accessible by browser or CURL on my local computer, my firewall is disabled and I don’t have others security rules.

How may I solve this problem?

1 Like

You have something. Find that and remove it.

I have checked again, there is no security rules on my server.

I got this log in the access_log from httpd:

3.14.255.131 - - [25/Jul/2020:16:58:03 -0300] “GET /.well-known/acme-challenge/axWZ6_cG_V5hSKF6BOo2J2hwCYoKnxh8d9kl6bTIbQs HTTP/1.1” 200 87 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)”
34.222.229.130 - - [25/Jul/2020:16:58:03 -0300] “GET /.well-known/acme-challenge/axWZ6_cG_V5hSKF6BOo2J2hwCYoKnxh8d9kl6bTIbQs HTTP/1.1” 200 87 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)”
52.28.236.88 - - [25/Jul/2020:16:58:03 -0300] “GET /.well-known/acme-challenge/axWZ6_cG_V5hSKF6BOo2J2hwCYoKnxh8d9kl6bTIbQs HTTP/1.1” 200 87 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)”

The system has a code 200 on this log, there is a valid connection but still with the same error.

1 Like

Checked an own log to find the check of my last certificate:

4 checks per domain name, not 3.

Looks like you block one.

1 Like

Solved by installing VestaCP control panel and activating support SSL Let’s Encrypt on it. Thanks by your help!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.