Failed to establish connection in 6034 ms

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
timemonster.zapto.org
I ran this command:
security enable-ssl-http-server --interactive --lets-encrypt --override-ssl-context
It produced this output:

java.util.concurrent.ExecutionException: org.jboss.as.cli.CommandLineException: Failed to establish connection in 6034 ms

My web server is (include version):
wildfly 26.1.3
The operating system my web server runs on is (include version):
Debian 12
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
no

I ran Let's Encrypt debug and all three tests worked.

That's not what I'm getting currently:

ANotWorking

ERROR

timemonster.zapto.org has an A (IPv4) record (107.181.170.39) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

Get "http://timemonster.zapto.org/.well-known/acme-challenge/letsdebug-test": dial tcp 107.181.170.39:80: connect: connection refused

Trace:
@0ms: Making a request to http://timemonster.zapto.org/.well-known/acme-challenge/letsdebug-test (using initial IP 107.181.170.39)
@0ms: Dialing 107.181.170.39
@178ms: Experienced error: dial tcp 107.181.170.39:80: connect: connection refused

and:

IssueFromLetsEncrypt

ERROR

A test authorization for timemonster.zapto.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.

107.181.170.39: Fetching http://timemonster.zapto.org/.well-known/acme-challenge/JHuurXtpQCv4JCIK-5ai1lyUICywq_XWq4Wb9TiWKWY: Connection refused


The webserver wasn't up. You can try it now.

Website wasn't up when you tried it.
Now it works.

Here is a list of issued certificates crt.sh | timemonster.zapto.org, the latest one being 2024-03-14.
This is the presently being served certificate SSL Checker, which is this certificate crt.sh | 12383058075.
Seems like the problem is resolved, correct?


It is, but I did craziness to get this to work. Should I post my solution?


Do you confirm y/n :y
java.util.concurrent.ExecutionException: org.jboss.as.cli.CommandLineException: Failed to establish connection in 6053ms

[disconnected /]

Rate limit has been exceeded, try again after "1970-01-01T13:55:08Z"

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
$ sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -o lo -j REDIRECT --to-port 8443
$ sudo service iptables save

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/timemonster.zapto.org/fullchain.pem
Key is saved at: /etc/letsencrypt/live/timemonster.zapto.org/privkey.pem
This certificate expires on 2024-06-12.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

openssl pkcs12 -export -in /etc/letsencrypt/live/timemonster.zapto.org/fullchain.pem -inkey /etc/letsencrypt/live/timemonster.zapto.org/privkey.pem -out keystore.p12 -name monster

keytool -importkeystore -deststorepass dog5321 -destkeypass dog5321 -destkeystore monster.jks -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass dog5321 -alias monster

Then I just copied it in after I made the monster.jks.

security enable-ssl-http-server --interactive --lets-encrypt --override-ssl-context
Please provide required pieces of information to enable SSL:

Let's Encrypt account key-store:
File name (default accounts.keystore.jks): monster.jks
Password (blank generated): dog5321

Let's Encrypt certificate authority account:
Account name (default CertAuthorityAccount):
Contact email(s) [admin@example.com,info@example.com]: wcteskey@gmail.com
Password (blank generated): dog5321
Alias (blank generated): monster
Certificate authority URL (default https://acme-v02.api.letsencrypt.org/directory):

Let's Encrypt TOS (Terms of Service - Let's Encrypt Community Support)
Do you agree to Let's Encrypt terms of service? y/n:y

Certificate info:
Key-store file name (default default-server.keystore): monster.keystore
Password (blank generated): dog5321
Your domain name(s) (must be accessible by the Let's Encrypt server at 80 & 443 ports) [example.com,second.example.com]: timemonster.zapto.org
Alias (blank generated): monster
Enable SSL Mutual Authentication y/n (blank n):n

Let's Encrypt options:
account key store name: account-key-store-239a7635-e8c3-4ce0-9d69-92d36ff365be
password: dog5321
account keystore file monster.jks will be generated in server configuration directory.
Let's Encrypt certificate authority account name: CertAuthorityAccount
contact urls: [mailto:wcteskey@gmail.com]
password: dog5321
alias: monster
certificate authority URL: https://acme-v02.api.letsencrypt.org/directory
You provided agreement to Let's Encrypt terms of service.

SSL options:
key store file: monster.keystore
domain name: [timemonster.zapto.org]
password: dog5321
validity: 90
alias: monster
Certificate will be obtained from Let's Encrypt server and will be valid for 90 days.
Server keystore file will be generated in server configuration directory.

Do you confirm y/n :y
java.util.concurrent.ExecutionException: org.jboss.as.cli.CommandLineException: Failed to establish connection in 6007ms

AT THIS POINT:

I have enough of the structure of the standalone.xml file to just copy the certificate that I failed on and it works.

William
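
The PEM to PKCS12 to JKS conversion from the last post, as an added example that is not part of the original thread: it reads the keystore password from the environment so that it does not appear in the process list or shell history, and creates the keystores readable by their owner only. The function name `pem_to_keystore`, its arguments and the `KS_PASS` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper: pem_to_keystore
# Usage: KS_PASS=... pem_to_keystore <live_dir> <alias> <out_dir> [jks]
#   live_dir : certbot lineage directory holding fullchain.pem / privkey.pem
#   alias    : entry name inside the keystore
#   out_dir  : where keystore.p12 (and optionally <alias>.jks) is written
#   jks      : pass the literal word "jks" to also build a JKS with keytool
pem_to_keystore() (
    live_dir=$1; alias_name=$2; out_dir=$3; want_jks=${4:-no}

    # The password comes from the environment, never from an argument.
    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; exit 2; }
    export KS_PASS

    [ -r "$live_dir/fullchain.pem" ] && [ -r "$live_dir/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $live_dir" >&2
        exit 3
    }

    # The keystores contain the private key: owner-only from creation on.
    # The function body is a subshell, so the umask change stays local.
    umask 077

    # "env:KS_PASS" tells openssl to read the export password from KS_PASS.
    openssl pkcs12 -export \
        -in "$live_dir/fullchain.pem" -inkey "$live_dir/privkey.pem" \
        -name "$alias_name" -passout env:KS_PASS \
        -out "$out_dir/keystore.p12" || exit 4

    [ "$want_jks" = jks ] || exit 0

    # keytool offers the same through the ":env" modifier on its
    # password options; the argument is the variable name, not the value.
    rm -f "$out_dir/$alias_name.jks"
    keytool -importkeystore -noprompt \
        -srckeystore "$out_dir/keystore.p12" -srcstoretype PKCS12 \
        -srcstorepass:env KS_PASS -srcalias "$alias_name" \
        -destkeystore "$out_dir/$alias_name.jks" -deststoretype JKS \
        -deststorepass:env KS_PASS -destkeypass:env KS_PASS \
        -destalias "$alias_name" || exit 5
)
```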
