Creating New Certificate .... Failed authorization procedure. Connection refused

root@RetrOrangePi:/etc/letsencrypt# /root/certbot/certbot-auto certonly --standalone --preferred-challenges http-01 --email dony72@gmail.com -d dony-hass.duckdns.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dony-hass.duckdns.org
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. dony-hass.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dony-hass.duckdns.org/.well-known/acme-challenge/X4X7kf1YdoehzRcs49u1kCVqGrq6IMhD0u7IhAoapWg: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: dony-hass.duckdns.org
    Type: connection
    Detail: Fetching
    http://dony-hass.duckdns.org/.well-known/acme-challenge/X4X7kf1YdoehzRcs49u1kCVqGrq6IMhD0u7IhAoapWg:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

i’m new user, so cannot attach log txt file :frowning:
from log file, i suspect because port 80 using IPv6 instead of IPv4
how to resolve this?

2018-09-27 15:53:19,356:INFO:certbot.auth_handler:Performing the following challenges:
2018-09-27 15:53:19,357:INFO:certbot.auth_handler:http-01 challenge for dony-hass.duckdns.org
2018-09-27 15:53:19,360:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2018-09-27 15:53:19,361:DEBUG:acme.standalone:Certbot wasn’t able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2018-09-27 15:53:19,391:INFO:certbot.auth_handler:Waiting for verification…

log file attached now

letsencrypt.log.txt (22.4 KB)

Hi,

How do you setup your ddns service?

Can you please check if 24.6.46.77 is the correct IPV4 address? Also, do you have a IPV6 Address available to use?

If the IP is correct, can you please confirm that you’ve made a correct port forwarding on the router (or specifically if you are using Comcast Modem?)

Since when i query your domain outside, i could see port 80 & 443 are both not listening… (and because i’m using Comcast / Xfinity too, i’m sure they don’t block connections from 80 & 443)

Also, can you please try to see if there’s any software (web server) like Apache / Nginx / LightHTTPD / LSWS installed & active? If so, please stop those temperorilly.

P.S. the DDNS does not have IPV6 address, so binding to IPV6 does not work.

Thank you

2 Likes

The IPv6 thing is probably a red herring. My money would be on the port forwarding being set up incorrectly.

1 Like

found out port 80 not being forwarded on the router
thanks for the help

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.