Getting "Connection reset by peer"; I have been struggling for two days with no success

Thank you very much! @rg305

This is what I get when using Browsec VPN (Netherlands):

ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: http://estudent.kmu.edu.et/

Read Error

The system returned: (104) Connection reset by peer

An error condition occurred while reading data from the network. Please retry your request.

Your cache administrator is webmaster.

Generated Fri, 13 Nov 2020 06:32:49 GMT by sq-nl94.brwsc.org (squid)

1 Like

And that is what LE sees too.

Please review the logs for any access with:
grep well-known /var/log/nginx/access.log /var/log/nginx/access.log

3 Likes

$ sudo cat /var/log/nginx/access.log | grep "/.well-known/acme-challenge/"

196.188.243.95 - - [13/Nov/2020:09:18:40 +0300] "GET /.well-known/acme-challenge/TEQgSWmq4YcipY9JF9pNRN2LNutR7c-kzd9yMEtcGnQ HTTP/1.1" 404 1722 "-" "curl/7.68.0"

$ sudo cat /var/log/nginx/error.log | grep "/.well-known/acme-challenge/"
$

I got a hit in the access.log, but that is from my IP!

Thanks again

2 Likes

If that is the only one in the log, then you are behind the problem.
And the problem remains somewhere between your server and {LE, me, and your VPN from NL}.

You may need to speak with those network/firewall/security folks after all.

3 Likes
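Added example, not part of the thread and not any poster's code: a shell function that makes the same log check repeatable by grouping ACME challenge requests by client IP and status and reporting whether any came from outside your own address. It assumes nginx's default "combined" log format. The names `acme_hits` and `sample_log` are hypothetical, and the second sample log line is constructed.

```bash
#!/bin/sh
# Summarise HTTP-01 challenge requests in an nginx access log and say whether
# any of them came from an address other than our own test client.
# Usage: acme_hits <own_ip> [logfile ...]   (reads stdin if no file is given)
acme_hits() {
    own_ip=$1
    shift
    awk -v own="$own_ip" '
        # combined format: $1 = client IP, $7 = request path, $9 = status
        $7 ~ /^\/\.well-known\/acme-challenge\// {
            count[$1 " " $9]++
            total++
            if ($1 != own) external++
        }
        END {
            for (k in count) print count[k], k
            if (total == 0)         print "RESULT no-challenge-requests"
            else if (external == 0) print "RESULT only-own-ip"
            else                    print "RESULT external-seen"
        }' "$@"
}

# Sample input: line 1 is the access.log entry quoted in the thread,
# line 2 is constructed for this example.
sample_log() {
cat <<'EOF'
196.188.243.95 - - [13/Nov/2020:09:18:40 +0300] "GET /.well-known/acme-challenge/TEQgSWmq4YcipY9JF9pNRN2LNutR7c-kzd9yMEtcGnQ HTTP/1.1" 404 1722 "-" "curl/7.68.0"
196.188.243.95 - - [13/Nov/2020:09:19:02 +0300] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/7.68.0"
EOF
}

# On a real server: acme_hits <your_ip> /var/log/nginx/access.log
sample_log | acme_hits 196.188.243.95
```

A result of `only-own-ip` or `no-challenge-requests` right after a failed validation attempt means the validation requests never reached nginx, which points at something upstream of the web server.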

Okay Thank You all! :+1:

2 Likes

This is what works for me, finally:
I used DNS challenge validation.

certbot -d estudent.kmu.edu.et --manual --preferred-challenges dns certonly

and follow the instructions certbot provides (created a TXT record).

I think this might help someone. :smiley: :pray:

2 Likes

It might help you get a certificate, however, it doesn't help your users for connecting to your site through port 80.

2 Likes

... and you don't want to do that --manual every 60 - 85 days.

So that's not really a solution.

Fix your port 80.

3 Likes

Or, if port 80 is supposed to be blocked from most of the world, DNS challenges are in fact the way to go but you want to be able to automate them. Certbot has a lot of DNS plugins available; there probably is one for whichever DNS service you use.

4 Likes

Hello @JuergenAuer, @petercooperjr
Yes, I figured that out. But I don't have access to the firewall from most of the clients, and they always think it is my problem (since it works here in Ethiopia). This thread will be very useful for me to push them even further.

Thanks again!

2 Likes
