Error 400 connection refused


#1

My domain is: doncullen.net

I ran this command: Ran Let’s Encrypt via Plesk

It produced this output:

Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/rHHse8M0xsreC-HoMfZe4phVmNcNyzjVw8wwh_KlIUA.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://doncullen.net/.well-known/acme-challenge/LXxymbUEE5tRmy9cwcXIJ9g3UQlx1so2K7XbJr7-7JA: Connection refused

My web server is (include version): Server version: Apache 2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is: Vultr.com

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx 17.8.11 Update #45

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Not using it


#2

Additional details: I thought it was maybe the firewall (based on other posts here in the forum). Added 443 to the firewall via Plesk, and also did the same via SSH (ufw allow https) – both with no problems. Then tried again with Let’s Encrypt. No luck.

Ran SSL Labs test, got grade A:
https://www.ssllabs.com/ssltest/analyze.html?d=doncullen.net&hideResults=on

Telnet works fine (telnet doncullen.net 80, and telnet doncullen.net 443).

Opening https://doncullen.net/.well-known/acme-challenge/LXxymbUEE5tRmy9cwcXIJ9g3UQlx1so2K7XbJr7-7JA directly via browser is successful. No problems seeing it, and the SSL icon in the browser’s URL bar (Firefox) is solid green, no SSL issues.

I created a new subdomain, then had Let’s Encrypt secure it to see if the result of securing for the first time would be different from renewing; it was. LE had no problems securing it, no error. So it appears to only affect renewal.

So I’m pretty much at a loss. Any help would be appreciated; thanks in advance for your time.


#3

doncullen.net’s IPv6 address returns “connection refused” for HTTP and HTTPS. The IPv4 address works.

doncullen.net.  549  A     149.28.253.46
doncullen.net.  853  AAAA  2001:19f0:6401:18ad:5400:1ff:fec3:4fc3

#4

# ufw allow from any to any port 549 proto tcp
Rule added
Rule added (v6)
# ufw allow from any to any port 853 proto tcp
Rule added
Rule added (v6)
# ufw reload
Firewall reloaded

Also added those same ports via Plesk firewall, applied, just in case.

Same result; still refusing. Any ideas?


#5

IPv4 and IPv6 for both HTTP and HTTPS are being refused to me now:

curl -Iki4 http://doncullen.net/
curl: (7) Failed to connect to doncullen.net port 80: Connection refused
curl -Iki4 https://doncullen.net/
curl: (7) Failed to connect to doncullen.net port 443: Connection refused
curl -Iki6 http://doncullen.net/
curl: (7) Failed to connect to doncullen.net port 80: Connection refused
curl -Iki6 https://doncullen.net/
curl: (7) Failed to connect to doncullen.net port 443: Connection refused

As also shown by: https://www.ssllabs.com/ssltest/analyze.html?d=doncullen.net&hideResults=on


#6

Those (549 and 853) are TTLs, not port numbers :slight_smile:

The only ports you need to open are 80 and 443.


#7

For now, I need to renew SSL for two domains; I’m running out of time–so I disabled IPv6 in an attempt to get LE to renew via IPv4. It didn’t work. I’d like to get it to renew, then I’ll work with the people at the Plesk forum to solve the IPv6 issue.

Any ideas why it’s not renewing over IPv4?

Edit: Found the problem. It was due to domain registrar still having AAAA record; had to nix that then retry. Worked without issues.

Next step; figuring out why IPv6 is borking. Thanks!
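
The check that posts #3 and #6 point to, as an added example that is not part of the original thread: it parses the DNS answer lines quoted in #3 (the second column is the TTL, not a port) and tries ports 80 and 443 on every published A and AAAA address, so a stale or unreachable AAAA record shows up before a renewal attempt. The function names and the injectable `probe` parameter are assumptions of this example.

```python
import socket

# Answer lines as quoted in post #3 of the thread.
SAMPLE_ANSWER = """\
doncullen.net.  549  A     149.28.253.46
doncullen.net.  853  AAAA  2001:19f0:6401:18ad:5400:1ff:fec3:4fc3
"""

VALIDATION_PORTS = (80, 443)  # the only ports post #6 says must be open


def parse_answer(text):
    """Return (rtype, ttl, address) per A/AAAA line; column 2 is the TTL in seconds."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2] in ("A", "AAAA"):
            records.append((fields[2], int(fields[1]), fields[3]))
    return records


def tcp_probe(address, port, timeout=5.0):
    """Try a TCP connect; return 'open', 'refused', 'timeout' or 'unreachable'."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:  # e.g. no IPv6 route from the machine running the check
        return "unreachable"


def check_records(text, probe=tcp_probe):
    """Probe every published address on 80 and 443; return the ones not open."""
    failures = []
    for rtype, _ttl, address in parse_answer(text):  # TTL is parsed, never used as a port
        for port in VALIDATION_PORTS:
            state = probe(address, port)
            if state != "open":
                failures.append((rtype, address, port, state))
    return failures


if __name__ == "__main__":
    for rtype, address, port, state in check_records(SAMPLE_ANSWER):
        print(f"{rtype} {address} port {port}: {state}")
```

Run it from a host outside the server's own network that has IPv6 connectivity; otherwise the AAAA rows report "unreachable" for reasons unrelated to the server.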

