ERR_CONNECTION_REFUSED after let's encrypt

iakzs · July 13, 2023, 3:43pm

I ran this command: sudo certbot --apache

It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/iakzscloud.ddns.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/iakzscloud.ddns.net/privkey.pem
This certificate expires on 2023-10-11.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for iakzscloud.ddns.net to /etc/apache2/sites-enabled/nextcloud-le-ssl.conf
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using ['apache2ctl', 'graceful']
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using ['apache2ctl', 'graceful']
An error occurred and we failed to restore your config and restart your server. Please post to Help - Let's Encrypt Community Support with details about your configuration and this error you received.
Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

NEXT STEPS:

The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
certbot install --cert-name iakzscloud.ddns.net

Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): apache2

The operating system my web server runs on is (include version): ubuntu server 22.04.2 LTS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Bruce5051 · July 13, 2023, 3:47pm

Hello @, welcome to the Let's Encrypt community.

Your HTTPS Port 443 is Closed (edit: from IPv4).

$ nmap -Pn -p80,443 iakzscloud.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-13 15:46 UTC
Nmap scan report for iakzscloud.ddns.net (191.112.124.173)
Host is up (0.18s latency).
rDNS record for 191.112.124.173: 191-112-124-173.baf.movistar.cl

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds

iakzs · July 13, 2023, 3:49pm

i have it open on my router

Bruce5051 · July 13, 2023, 3:52pm

OK, but on the web server (i.e. apache) is port 443 being served?
Seems like potentially an issue with apache configuration.

Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.

iakzs · July 13, 2023, 3:55pm

on ports.conf there's the port 443
Sorry, I dont know too much about this. I'm new

MikeMcQ · July 13, 2023, 3:56pm

Can you show result of this

sudo netstat -pant | grep -Ei ':80|:443' | grep -i listen

iakzs · July 13, 2023, 3:58pm

tcp6 0 0 :::80 :::* LISTEN 3129/httpd

Bruce5051 · July 13, 2023, 3:59pm

FYI - I am only able to check from IPv4 most of the time.

Bruce5051 · July 13, 2023, 4:01pm

This looks like IPv4 only is being handled with the above.

iakzs · July 13, 2023, 4:02pm

what i need to do?

Bruce5051 · July 13, 2023, 4:04pm

~~Read the manual on your router to see how to handle IPv6 as well.~~

MikeMcQ · July 13, 2023, 4:05pm

Can you reboot your server?

How did you install Apache? On my Ubuntu it is called apache2 but yours is showing httpd

MikeMcQ · July 13, 2023, 4:07pm

This is not pertinent now. They don't have an IPv6 address in their DNS.

Bruce5051 · July 13, 2023, 4:07pm

Thanks @MikeMcQ for checking that!

iakzs · July 13, 2023, 4:09pm

Yes (i'm rebooting it right now)

I followed a nextcloud tutorial and installed it with sudo apt install apache2

MikeMcQ · July 13, 2023, 4:09pm

After reboot let us know when done and we'll check Apache some more.

iakzs · July 13, 2023, 4:11pm

It was working until i did a restart like 10 minutes ago to see if the opcache configuration worked.

Bruce5051 · July 13, 2023, 4:11pm

This is looking better.

$ nmap -Pn -p80,443 iakzscloud.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-13 16:11 UTC
Nmap scan report for iakzscloud.ddns.net (191.112.124.173)
Host is up (0.19s latency).
rDNS record for 191.112.124.173: 191-112-124-173.baf.movistar.cl

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds

iakzs · July 13, 2023, 4:12pm

OK, it rebooted

Bruce5051 · July 13, 2023, 4:13pm

And now it is Closed again.

$ nmap -Pn -p80,443 iakzscloud.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-13 16:12 UTC
Nmap scan report for iakzscloud.ddns.net (191.112.124.173)
Host is up (0.18s latency).
rDNS record for 191.112.124.173: 191-112-124-173.baf.movistar.cl

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds