SeaFile Certificate for https but get connection refused

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
gonsernas.zapto.org

I ran this command:

sudo certbot --authenticator standalone --installer nginx -d gonsernas.zapto.org --pre-hook "service nginx stop" --post-hook "service nginx start"

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer nginx
Running pre-hook command: service nginx stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gonsernas.zapto.org
Waiting for verification...
Cleaning up challenges
Running post-hook command: service nginx start
Failed authorization procedure. gonsernas.zapto.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://gonsernas.zapto.org/.well-known/acme-challenge/3N6nKsSq-YYNU7Vo0QRBpDkpkOK5Ti7c_OGVee_dANk: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: gonsernas.zapto.org
    Type: connection
    Detail: Fetching
    http://gonsernas.zapto.org/.well-known/acme-challenge/3N6nKsSq-YYNU7Vo0QRBpDkpkOK5Ti7c_OGVee_dANk:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    My web server is (include version):

The operating system my web server runs on is (include version):
Raspberry Pi 3b

My hosting provider, if applicable, is:
Kabel-Deutschland

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
i think no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
python-certbot-nginx is already the newest version (0.31.0-1).

1 Like
2

Hi and welcome to the community!

Is port 80 open to your system?
Have you confirmed the IP?
Show:
curl -4 ifconfig.co

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

1 Like
3

Yes it is open. Http Port 80 for my GonserNAS(RaspberryPi)

This comes out: 77.21.252.87

1 Like
4

And yet:

curl -Iki http://gonsernas.zapto.org
curl: (7) Failed to connect to gonsernas.zapto.org port 80: Connection refused

curl -Iki http://77.21.252.87
curl: (7) Failed to connect to 77.21.252.87 port 80: Connection refused

Is there a router/modem that would need to be set to port forward?

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

1 Like
5

The "connection refused" issues are seeming to be becoming systemic, @rg305.

From Dig:

gonsernas.zapto.org. 59 IN A 77.21.252.87
zapto.org. 59 IN A 8.23.224.108
zapto.org. 59 IN SOA nf1.no-ip.com. hostmaster.no-ip.com. 2079748854 90 120 604800 60

From Let's Debug:

Screenshot_20201023-154428_Samsung Internet
Screenshot_20201023-154428_Samsung Internet1393×2021 1.02 MB

1 Like
6

Yes there is a FritzBox, but i thought i open the Ports for this.
Here is what i got:
Unbenannt

2 Likes
7

That looks good. Are you able to visit your own website using a standard browser?

1 Like
8

No, there will be a timeout. Dont know why.

1 Like
9

Is your server located in the same region as your browsing device?

1 Like
10

Dont know how to get that information. sorry !

1 Like
11

I'm not familiar with that box.
And your picture doesn't show the internal IP being forwarded to (no need for it - but you need to ensure it can be reached).
That said, can you reach your site from any other device (not on that network - like from a smartphone)?

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

1 Like
12

Get with us here, Rudy. :wink:

1 Like
13

No i cant. tested it. No Connection

1 Like
14

I think @rg305 was leading to the same thing I was though. Did you test from outside your network, specifically?

1 Like
15

I turn my head and miss six posts! - LOL

How's a guy supposed to enjoy a cold :beer:?

1 Like
16

Happens to the best of us, brother. Half the time I ask for things in the original post. :rofl:

1 Like
17

Yes i tested it from "outside"

1 Like
18

Well then you need to speak with your ISP or check your firewall/IPS/GeoLocation blocking devices.
We are not alone when we say: Your site can't be reached from the Internet.

That said, there is always DNS authentication...

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

1 Like
19

Dont know what else to do..IPS?

1 Like
20

IPS = Intrusion Prevention System
If you don't know what it means, you probably don't have one.

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

1 Like