ECONNREFUSED errors

My domain is: skyjs.net, www.skyjs.net

I ran this command:

node server.js

It produced this output:

Fetching certificate for 'skyjs.net' to use as default for HTTPS server...
[acme-v2] handled(?) rejection as errback:
Error: connect ECONNREFUSED 165.227.37.46:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
Error loading/registering certificate for 'skyjs.net':
{ Error: connect ECONNREFUSED 165.227.37.46:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
  errno: 'ECONNREFUSED',
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '165.227.37.46',
  port: 80 }

(node:19962) UnhandledPromiseRejectionWarning: Error: connect ECONNREFUSED 165.227.37.46:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
(node:19962) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:19962) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

My web server is (include version):

node script

The operating system my web server runs on is (include version):

centos

My hosting provider, if applicable, is:

easydns

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

greenlock-express

My script

'use strict';

require('greenlock-express').create({
  version: 'draft-11'
, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
  // server: 'https://acme-v02.api.letsencrypt.org/directory'
, email: 'info@mail.jacob-bogers.com'     // The email address of the ACME user / hosting provider
, agreeTos: true                    // You must accept the ToS as the host which handles the certs
, approvedDomains: ['skyjs.net','www.skyjs.net']
, configDir: '~/.config/acme/'      // Writable directory where certs will be saved
, communityMember: true             // Join the community to get notified of important updates
, telemetry: true                  // Contribute telemetry data to the project

  // Using your express app:
  // simply export it as-is, then include it here
, app: function (req, res) {
  res.setHeader('Content-Type', 'text/html; charset=utf-8')
  res.end('Hello, World!\n\n💚 🔒.js');
}

//, debug: true
}).listen(8080, 8081);

Does that part mean the client will listen on port 8080 and 8081 for the challenge? Because Let's Encrypt can only use port 80 for the http-01 challenge and port 443 for the tls-alpn-01 challenge.

Hi @jacobbogers

Your domain is invisible (https://check-your-website.server-daten.de/?q=skyjs.net):

Domainname Http-Status redirect Sec. G
http://skyjs.net/
165.227.37.46 -2 1.337 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 165.227.37.46:80
http://www.skyjs.net/
165.227.37.46 -2 1.330 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 165.227.37.46:80
https://skyjs.net/
165.227.37.46 -2 1.330 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 165.227.37.46:443
https://www.skyjs.net/
165.227.37.46 -2 1.336 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 165.227.37.46:443
http://skyjs.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
165.227.37.46 -2 1.324 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 165.227.37.46:80
Visible Content:
http://www.skyjs.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
165.227.37.46 -2 1.327 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 165.227.37.46:80
Visible Content:

Is there a firewall or something else that blocks?

PS: Checked port 8080 - same picture. But you can't use port 8080.

Port 80 is mapped to 8080 and port 443 is mapped to 8081, because if you are not a Linux root user you cannot bind to ports lower than 1024. OK, I will replace it with a simple HTTP server and check that at least my firewall etc. is allowing ports 80 and 443 to connect (including a working mapping).

That's one reason that certificate authorities are required to check on the low port numbers—only the system administrator (who can bind to these low ports) is allowed to obtain certificates for a system! (That, in turn, is because there are many shared hosting environments in which multiple customers point their domain names at a single server. One customer shouldn't be able to request a certificate for a different customer's domain in this scenario.)

Mmm, I will remove the mapping and test, as root, against these ports.

Lauren77, thank you, I removed the mapping (listen on 80 and 443) and everything works))

Thanks to everybody in this thread for contributing their 2cts.
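The failure in this thread (nothing answering on public port 80) can be caught before a certificate request is made. The following is an added example, not part of the original posts and not greenlock-express code: `selfCheck`, its option names and the token value are hypothetical. It serves a constructed token under the http-01 path on the local listen port, fetches it through the port the CA will use, and reports which stage failed.

```javascript
'use strict';
const http = require('http');

// Serve a token on listenPort, then fetch it via publicPort (the port the
// validator connects to). If publicPort is omitted, the listen port is used.
function selfCheck({ host, listenPort, publicPort, token }) {
  const path = '/.well-known/acme-challenge/' + token;
  const server = http.createServer((req, res) => {
    if (req.url === path) {
      res.end(token);
    } else {
      res.statusCode = 404;
      res.end();
    }
  });
  return new Promise((resolve) => {
    // EACCES here means the process may not bind a port below 1024.
    server.once('error', (err) =>
      resolve({ ok: false, stage: 'listen', code: err.code }));
    server.listen(listenPort, () => {
      const port = publicPort || server.address().port;
      const done = (result) => server.close(() => resolve(result));
      const req = http.get(
        { host, port, path, agent: false, timeout: 5000 },
        (res) => {
          let body = '';
          res.on('data', (chunk) => { body += chunk; });
          res.on('end', () => done({
            ok: res.statusCode === 200 && body === token,
            stage: 'fetch',
            status: res.statusCode
          }));
        });
      req.on('timeout', () => req.destroy(new Error('timeout')));
      // ECONNREFUSED: nothing listens on (or is forwarded from) that port.
      req.on('error', (err) =>
        done({ ok: false, stage: 'connect', code: err.code || err.message }));
    });
  });
}

// Loopback demo with a constructed token. For the setup in this thread the
// call would be { host: 'skyjs.net', listenPort: 8080, publicPort: 80, ... }.
selfCheck({ host: '127.0.0.1', listenPort: 0, token: 'constructed-token' })
  .then((result) => console.log(result));
```

A request made from the server itself may not cross the same firewall or NAT path as one from outside, so a passing result here should still be confirmed from an external host.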
