[DESPERATELY NEED HELP...] Able to Access my Webpage with Public IP but Not Domain

A few days ago I used CERTBOT to install SSL on my website which is running on APACHE2 on my Raspberry Pi (Debian 10). After the process has finished, I found that I could no longer access my website with my domain (registered at Godaddy.com) which says “ERR_CONNECTION_REFUSED”. Strangely, I could still access the website with my public IP address.

Since then I have been desperately looking for a solution online for more than 12+ hours yet I still could not find a solution. Today I reset my home router, re-installed my Raspberry Pi and still I am facing the same issue…:frowning:

Some more information:

  • My Godaddy account has an “A” record and Host “@” that points to my IP address.

  • My router now forwards both 80 and 443.

===========================================================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: zenfleurs.com (61.239.58.130)

I ran this command: sudo certbot certonly --apache

It produced this output: "ERR_CONNECTION_REFUSED"

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Raspberry Pi (Debian 10)

My hosting provider, if applicable, is: Self-hosting

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

2 Likes

Welcome to the Let’s Encrypt Community :slightly_smiling_face:

Sorry you’re facing some troubles. :worried: Let’s see what we can do. :thinking:

3 Likes

That is not any output of certbot. It looks more like a web browser error. The idea about the “it produced this output” is that you’ll paste the output of the command you ran at the “I ran this command” question.

Also, your site is working nicely on HTTP/port 80 from my endpoint. So I’m not really seeing that error here.

The few things I can see are:

  • you have generated three certificates the last few days: https://crt.sh/?q=zenfleurs.com&deduplicate=y
    You have generated separate certificates for the “bare” domain name and the www subdomain. Most users would want to have both hostnames in the same certificate.
  • your webserver isn’t reachable through HTTPS/port 443.

3 Likes
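
The port check described in the reply above (port 80 answers, port 443 does not), written out as an added example that is not part of the original thread. It uses only Python's standard `socket` module; the function names and verdict wording are this example's own, and the demo under `__main__` runs against constructed local listeners rather than the real site.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # actively rejected: typically nothing is listening
    except socket.timeout:
        return "timeout"      # silently dropped: firewall or missing port forward
    except socket.gaierror:
        return "dns-failure"  # the name did not resolve
    except OSError:
        return "unreachable"

# Verdicts keyed by (port 80 state, port 443 state); wording is this example's own.
VERDICTS = {
    ("open", "open"): "both ports answer; check certificate and redirect next",
    ("open", "refused"): "HTTP works but nothing listens on 443, so a browser "
                         "that upgrades to https:// shows ERR_CONNECTION_REFUSED",
    ("open", "timeout"): "HTTP works but 443 is filtered; check the router "
                         "port forward and any firewall",
}

def diagnose(http_state, https_state):
    """Map the two port states to a short explanation."""
    return VERDICTS.get((http_state, https_state),
                        f"port 80 is {http_state}, port 443 is {https_state}")

def check_site(host, http_port=80, https_port=443):
    """Probe both ports and return (http_state, https_state, verdict)."""
    http_state = probe(host, http_port)
    https_state = probe(host, https_port)
    return http_state, https_state, diagnose(http_state, https_state)

if __name__ == "__main__":
    # Constructed offline demo: a local listener stands in for port 80 and a
    # port that was bound and then released stands in for an unconfigured 443.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    print(check_site("127.0.0.1", listener.getsockname()[1], closed_port))
    listener.close()
```

Against a real host, call `check_site("your.domain")` with the default ports; a "refused" on 443 points at the web server's HTTPS listener, while a "timeout" points at the router or a firewall.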

Thanks @griffin! That’s a very warm welcome! :smiley:

3 Likes

Appreciate your help @Osiris!! :smiley:

You just gave me a hint that I could indeed access the page when I typed “http://www.zenfleurs.com” in the browser correctly!! (I have been putting zenfleurs.com on the address bar in the past few days and I just realized that it will automatically change it to HTTPS and hence could not get me there…!)

Since I have re-installed my Raspberry Pi earlier today I will now see if I could create another certificate that could enable HTTPS access…

2 Likes

I’d like to mention the existence of rate limits. See: https://letsencrypt.org/docs/rate-limits/

Nah, after reinstalling the OS, there’s nothing to roll back to :stuck_out_tongue:

3 Likes

We aim to please. :grinning:

As almost always, I concur with @Osiris.

You can use certbot --apache rollback to undo the certbot changes to get things functioning again. Each run rolls back a single change cycle.

To keep from hitting the rate limits @Osiris mentioned, once you have successfully acquired a certificate, use certbot install ... so you’re not trying to acquire another certificate and only trying to enable https.

2 Likes

@Osiris

Unfortunately very true. :slightly_frowning_face:

I wrote my post before I saw your second post.

2 Likes

Or install it manually. The use of certonly is so the user can install the certificate manually in their services. Otherwise one could also just forgo the certonly option and let certbot install the certificate immediately after the issuance in the same run.

3 Likes

@Osiris @griffin

I have to thank you both for offering help!!! The problem has been haunting me and I have been spending days on this googling with dozens of keyword combinations yet no solution is found. Your replies gave me some insights and made me realize that it has been a stupid mistake that I have committed. Gosh I should have posted my question here earlier to save me from the hassles!

I have just installed the certificates and now the website looks good with SSL certificates! Thanks again for the help and I would in return offer my help and try to contribute to the community :smiley:

It is almost 3am midnight in my country and I shall go to bed now… :sleeping:

2 Likes

Glad it worked out! :smiley:

Manual install works too. I usually recommend install for people trying to work out their configuration issues so as to avoid hitting the identical limit.

@mkkisaac It looks like there’s no redirect for HTTP to HTTPS in place. Did you manually install the certificate or did certbot install it for you? If it’s the latter, it should have asked you if you’d like a redirect.

2 Likes

Ahh yes I recalled seeing a prompt asking me if I should redirect HTTP to HTTPS but I chose “NO”…maybe I should reset it to “YES” instead…?

You can run the exact same certbot command. It will recognise the existing certificate and ask if you’d like to re-issue it (not necessary) or want to install it. You want the latter. After that it should ask you again if you’d like a redirect.

Or just do it manually & add a redirect/rewrite in your port 80 vhost config file.

I stopped opting for the apache install. I haven’t tried it with recent iterations of Certbot, but I tend to prefer a more stringent Cipher Suite config than what was previously in the certbot apache config file, which I have set globally. That said, I simply add the Redirect line in my port 80 config to force https.
