Failed to connect to host for acme-challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ggc.world

I ran this command:

Following the indications found here: https://webilicious.xyz/getting-began-with-acme-sh-lets-encrypt-ssl-consumer/

(base) marco@pc01:~/webMatters$ git clone https://github.com/acmesh-official/acme.sh.git
Cloning into 'acme.sh'...
remote: Enumerating objects: 9876, done.
remote: Total 9876 (delta 0), reused 0 (delta 0), pack-reused 9876
Receiving objects: 100% (9876/9876), 3.86 MiB | 5.36 MiB/s, done.
Resolving deltas: 100% (5801/5801), done.
(base) marco@pc01:~/webMatters$ cd acme.sh/
(base) marco@pc01:~/webMatters/acme.sh$ sudo mkdir data

root@pc01:/home/marco/webMatters/acme.sh# acme.sh --issue -d www.ggc.world -d ggc.world 
--webroot /var/www/ggc.world --force --debug 2

It produced this output:

www.ggc.world:Verify error:Fetching http://www.ggc.world/.well-known/acme-challenge
/2hDrD9c1PpCBlMdccXRu-c5LEaJ2bSW52kEkU9V6Dvw: Connection refused

Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7

CURLE_COULDNT_CONNECT (7)  : https://curl.haxx.se/libcurl/c/libcurl-errors.html

Failed to connect() to host or proxy. 

Here the complete log: FailedToConnectToHost.txt (51.5 KB)

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.4 Desktop

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Looking forward to your kind help.
Marco

1 Like

This is your problem–your server is refusing connections from the outside world. You need to fix that before Let’s Encrypt will be able to issue a cert.

1 Like

After dis-installing and completely removing nginx and acme.sh, re-installing them again from scratch, and retrying to issue certificates, and getting the same “Connection refused” without any apparent reasons, and this for two times, I decided to try with Certbot.
I followed the well done indications found here: https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8 and got the certificates, which, according to https://www.ssllabs.com/ssltest/analyze.html?d=www.ggc.world has an overall rating of A.

But with https://check-your-website.server-daten.de/?q=ggc.world I get this error:
|C| Error - no version with Http-Status 200

|H| fatal error: No https - result with http-status 200, no encryption

For this new error type I opened a new Help Request: Https://check-your-website.server-daten.de/?q=ggc.world : fatal error: No https - result with http-status 200, no encryption

1 Like

There appears to be a routing issue (or firewall issue):

curl -Iki http://www.ggc.world/
curl: (7) Failed to connect to www.ggc.world port 80: No route to host

#ping www.ggc.world
Pinging www.ggc.world [2.36.58.214] with 32 bytes of data:
Reply from 2.36.58.214: Destination host unreachable.
Reply from 2.36.58.214: Destination host unreachable.
Reply from 2.36.58.214: Destination host unreachable.
Reply from 2.36.58.214: Destination host unreachable.
Ping statistics for 2.36.58.214:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
#ping www.ggc.world
PING www.ggc.world (2.36.58.214) 56(84) bytes of data.
From net-2-36-58-214.cust.vodafonedsl.it (2.36.58.214) icmp_seq=1 Destination Host Unreachable
From net-2-36-58-214.cust.vodafonedsl.it (2.36.58.214) icmp_seq=2 Destination Host Unreachable
From net-2-36-58-214.cust.vodafonedsl.it (2.36.58.214) icmp_seq=3 Destination Host Unreachable
From net-2-36-58-214.cust.vodafonedsl.it (2.36.58.214) icmp_seq=4 Destination Host Unreachable
^C
--- www.ggc.world ping statistics ---
7 packets transmitted, 0 received, +4 errors, 100% packet loss, time 6075ms
1 Like

There are a lot of checks created today - https://check-your-website.server-daten.de/?q=ggc.world

www and non-www worked, last check is ~~30 minutes old.

So the server is now offline.

1 Like

@rg305 I beg your pardon.

I’ve been modifying nginx configuration on the fly.

Now according to https://check-your-website.server-daten.de/?q=ggc.world#html-content I’ve got Content problems-mixed content,missing files.

and according to https://www.ssllabs.com/ssltest/analyze.html?d=www.ggc.world the overall rating is A+

1 Like

Well… the “problem” persists (at least from where I’m connected to the Internet):

or maybe an IPS or Geo-Location blocking system is in play.

1 Like