Fetching > Connection refused

bisnard29 · November 24, 2020, 5:00pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: afakto.com

I ran this command:
certonly --webroot --webroot-path=/var/www/certbot --email contact@afakto.com --agree-tos --no-eff-email -d afakto.com -d www.afakto.com

It produced this output:
certbot_1 | Challenge failed for domain afakto.com
certbot_1 | Challenge failed for domain www.afakto.com
certbot_1 | http-01 challenge for afakto.com
certbot_1 | http-01 challenge for www.afakto.com
certbot_1 | Cleaning up challenges
certbot_1 | Some challenges have failed.
certbot_1 | IMPORTANT NOTES:
certbot_1 | - The following errors were reported by the server:
certbot_1 |
certbot_1 | Domain: afakto.com
certbot_1 | Type: connection
certbot_1 | Detail: Fetching
certbot_1 | http://afakto.com/.well-known/acme-challenge/0gygpf9AAX8inTwkozLg9H4pYAA71Fd-tmb4qbo_ebs:
certbot_1 | Connection refused
certbot_1 |
certbot_1 | Domain: www.afakto.com
certbot_1 | Type: connection
certbot_1 | Detail: Fetching
certbot_1 | http://www.afakto.com/.well-known/acme-challenge/_fgyrvrdGDM6f-YrNAqcCehgVup2KfSI2o5BMKDa1DE:
certbot_1 | Connection refused
certbot_1 |
certbot_1 | To fix these errors, please make sure that your domain name was
certbot_1 | entered correctly and the DNS A/AAAA record(s) for that domain
certbot_1 | contain(s) the right IP address. Additionally, please check that
certbot_1 | your computer has a publicly routable IP address and that no
certbot_1 | firewalls are preventing the server from communicating with the
certbot_1 | client. If you're using the webroot plugin, you should also verify
certbot_1 | that you are serving files from the webroot path you provided.
afakto_certbot_1 exited with code 1

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): docker image: certbot/certbot

JuergenAuer · November 24, 2020, 5:21pm

Hi @bisnard29

there is no answer. A working port 80 is required if you want to use http validation.

Ronan · November 24, 2020, 5:26pm

Check that ports 80 and 443 are open

also check if the records in the DNS zone with a fixed public IP are included.

bisnard29 · November 24, 2020, 5:30pm

my firewall looks ok right? (i did not install ufw, only relying on firewall provided by OVH)

Osiris · November 26, 2020, 2:04pm

You have IPv4 as wel as IPv6 configured. Your IPv6 isn't working properly.

bisnard29 · November 25, 2020, 4:35pm

Looks like ipv4 and 6 are working properly now. You confirm issue not coming from there?

jsha · November 26, 2020, 2:00am

Here's how you can check if your server is working right: From somewhere outside your network, run this command:

curl www.afakto.com

That should succeed, and show some HTML. Right now it fails:

$ curl www.afakto.com -i
curl: (7) Failed to connect to www.afakto.com port 80: Connection refused

Your firewall configuration looks correct. Perhaps your web server is not running?

system · December 26, 2020, 2:00am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.