Searched and found quite a few similar issues but none that said Connection refused. This just started to happen since the last update so i am not sure what is causing this or how to correct it? Here is the full error (minus my domain of course)
An error was encountered requesting certificate for host domain server.myserver.com:
The Let’s Encrypt HTTP challenge failed: acme error ‘urn:acme:error:connection’: Fetching http://server.myserver.com/.well-known/acme-challenge/dU2T56bwE9Vtt7_Hl_jefrOvY7t5cXS9psjKSNRmGb8: Connection refused
Service certificate was not renewed.
Moving this to the “Help” topic. Since you created it in “Server”, you didn’t see the following questions. Could you please fill this out for us to provide you assistance?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Thanks Jared, yea I did not see those questions. Here ya go…
My domain is: https://coghosting.com
I ran this command: No command ran, this is coming as an alert from cPanel.
It produced this output: The output I entered into the initial support request is what is sent to me.
My web server is (include version): CLOUDLINUX 6.9 standard [server] v68.0.13
The operating system my web server runs on is (include version): CentOS 6.x
My hosting provider, if applicable, is: SingleHop
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Both, cPanel/WHM and SSH.
Hm, so, I’m not seeing a refusal when I run a GET against the challenge directory or where the file used to be, just an expected 404. I’m thinking it may have been some permission issue where the webserver wasn’t able to serve the challenge file. Could you place a test text file in that directory? (
Let me know the name once you put this up and we’ll go from there. You might also look through your web server logs to see if you can find the refusal for
/.well-known/acme-challenge/dU2T56bwE9Vtt7_Hl_jefrOvY7t5cXS9psjKSNRmGb8, or if perhaps it was blocked by a firewall at some point before hitting your server.
I will let this ride as is for a while. It might have just been at the wrong time. I know SingleHop has had some router issues and that may possibly be the cause. Since this is the first log of this type, it might have just been some sort of glitch. If it happens again I will post and give you some more details if I can find anything in the logs. Might even give you SSH and you can possibly find the culprit faster than I can.
Intermittent failures sounds like a reasonable explanation from what I’ve seen poking around, hope it’s working going forward!
This is still happening and none of the certs are updating. Just says connection refused.
Your server is server.coghosting.com, not coghosting.com.
It is not listening on port 80 or 443, for some reason. This is the direct reason that the renewals are failing, because they happen using the http-01 validation challenge:
$ curl server.coghosting.com
curl: (7) Failed to connect to server.coghosting.com port 80: Connection refused
$ curl https://server.coghosting.com
curl: (7) Failed to connect to server.coghosting.com port 443: Connection refused
However the regular cPanel ports are listening:
$ curl -I https://server.coghosting.com:2083
HTTP/1.1 401 Access Denied
So, I would guess that you have intentionally disabled port 80 and 443 for some reason. Unfortunately, in order to complete the SSL validation, they actually need to be accessible.
I hope that solves your issue @kevinmo.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.