ERR_CONNECTION_REFUSED after Let's Encrypt

My domain is: iakzscloud.ddns.net

I ran this command: sudo certbot --apache

It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/iakzscloud.ddns.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/iakzscloud.ddns.net/privkey.pem
This certificate expires on 2023-10-11.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for iakzscloud.ddns.net to /etc/apache2/sites-enabled/nextcloud-le-ssl.conf
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using ['apache2ctl', 'graceful']
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using ['apache2ctl', 'graceful']
An error occurred and we failed to restore your config and restart your server. Please post to Help - Let's Encrypt Community Support with details about your configuration and this error you received.
Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

NEXT STEPS:

  • The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
    certbot install --cert-name iakzscloud.ddns.net

Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): apache2

The operating system my web server runs on is (include version): Ubuntu Server 22.04.2 LTS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Hello @, welcome to the Let's Encrypt community. :slightly_smiling_face:

Your HTTPS Port 443 is Closed (edit: from IPv4).

$ nmap -Pn -p80,443 iakzscloud.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-13 15:46 UTC
Nmap scan report for iakzscloud.ddns.net (191.112.124.173)
Host is up (0.18s latency).
rDNS record for 191.112.124.173: 191-112-124-173.baf.movistar.cl

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds
1 Like


I have it open on my router.

OK, but on the web server (i.e. apache) is port 443 being served?
Seems like potentially an issue with apache configuration.

Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.

3 Likes

In ports.conf there's port 443.
Sorry, I don't know too much about this. I'm new.

Can you show the result of this:

sudo netstat -pant | grep -Ei ':80|:443' | grep -i listen
4 Likes

tcp6 0 0 :::80 :::* LISTEN 3129/httpd

FYI - I am only able to check from IPv4 most of the time.

3 Likes

This looks like IPv4 only is being handled with the above.

2 Likes

What do I need to do?

Read the manual on your router to see how to handle IPv6 as well.

Can you reboot your server?

How did you install Apache? On my Ubuntu it is called apache2 but yours is showing httpd

4 Likes

This is not pertinent now. They don't have an IPv6 address in their DNS.

4 Likes

Thanks @MikeMcQ for checking that! :slight_smile:

2 Likes

Yes (I'm rebooting it right now)

I followed a Nextcloud tutorial and installed it with sudo apt install apache2

After reboot let us know when done and we'll check Apache some more.

4 Likes

It was working until I did a restart like 10 minutes ago to see if the opcache configuration worked.

This is looking better.

$ nmap -Pn -p80,443 iakzscloud.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-13 16:11 UTC
Nmap scan report for iakzscloud.ddns.net (191.112.124.173)
Host is up (0.19s latency).
rDNS record for 191.112.124.173: 191-112-124-173.baf.movistar.cl

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds
2 Likes

OK, it rebooted

And now it is Closed again.

$ nmap -Pn -p80,443 iakzscloud.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-13 16:12 UTC
Nmap scan report for iakzscloud.ddns.net (191.112.124.173)
Host is up (0.18s latency).
rDNS record for 191.112.124.173: 191-112-124-173.baf.movistar.cl

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds
2 Likes