SSH Fails After Installing Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: poorya.me

I ran this command: followed the install commands on the certbot site for ubuntu 16.04 and apache

It produced this output: after reboot I can’t use ssh to connect to my server

My web server is (include version): vps, openvz 6

The operating system my web server runs on is (include version): ubuntu 16.04

My hosting provider, if applicable, is: hostsolutions.ro

I can login to a root shell on my machine (yes or no, or I don’t know): no, I can’t

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I can’t check certbot version

Hi @Bardulf

is there an error message?

Your domain works.

Domainname                          Http-Status   redirect             Sec.    G
http://poorya.me/ 193.148.70.35     301           https://poorya.me/   0.153   A
https://poorya.me/ 193.148.70.35    200                                4.120   B

But there is no content, instead the standard Apache config page.

You’re not running your sshd daemon on port 80 or 443 are you (those are very non-standard for SSH but could be used to get around certain proxy configurations)? That’s the only way I could see certbot having any effect on your ssh server.

I don’t have any problem with ssl itself, but it seems that port 22 got blocked after using certbot. I checked iptables and the ssh port is allowed. I don’t know what happened after reboot that I can’t login to the server, and I get “network error network error connection refused”

I am pretty sure that ssh runs on other ports, not these two.

The only things certbot changes are within /etc/letsencrypt/ or nginx/Apache configuration files (but only when the nginx or apache plugin is used).

I won’t say it’s fully impossible certbot couldn’t result in SSH issues, but it’s very, very improbable, next to impossible certbot is responsible for SSH not being reachable.


I know it sounds silly, but this happened to me. I tried three times by reinstalling my server, after that installing certbot and checking iptables; everything worked and the ssh port was open, but after reboot SSH fails. I don’t know, is it possible that the old kernel causes this? Because the server uses openvz6


ssh -vvv might give you a hint of what’s going on.


OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "poorya.me" port ***
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to poorya.me [*******] port ***.
debug1: connect to address ******* port ***: Connection refused
ssh: connect to host poorya.me port ***: Connection refused

Unfortunately my provider doesn’t provide a web console, so I can’t use that to access my server

Connection refused just means that nobody is listening on that port.

So either OpenSSH has stopped running on the server, or it is listening on a different port.

If you can’t get a web console, then you pretty much will need to get your provider to enter your container from the host, and check what’s happening themselves.


I will contact them, but this problem only happens when I install certbot

Provider fixed the problem, thanks.


Did they tell you what the problem was? Any relation to certbot?

I don’t know if it has any relation to certbot, but they told me that they added a task to crontab that makes the /var/run/sshd directory after reboot.


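The fix reported in the last reply (a boot-time task that recreates /var/run/sshd) could look like the script below. This is an added example, not the provider's actual crontab task, which the thread does not show; the script path in the comment and the `--apply` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the provider's script. Recreates sshd's privilege
# separation directory, which disappears at reboot when /var/run is a tmpfs.
# Hypothetical root crontab entry:
#   @reboot /usr/local/sbin/fix-sshd-rundir.sh --apply

# ensure_privsep_dir DIR
# Returns 0 if DIR ends up as a real directory with mode 0755, 1 otherwise.
ensure_privsep_dir() {
    dir=$1
    # Refuse a symlink or a non-directory: sshd's unprivileged child
    # chroots into this path, so it must be a plain directory.
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo "refusing: $dir exists and is not a plain directory" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    # sshd rejects a directory that is group- or world-writable.
    chmod 0755 "$dir" || return 1
    # It must also be owned by root; only root can set that.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$dir" || return 1
    fi
    return 0
}

# Only touch the system when asked to, so the function can be tested safely.
if [ "${1:-}" = "--apply" ]; then
    ensure_privsep_dir /var/run/sshd || exit 1
    # sshd -t checks configuration and host keys without starting the daemon.
    /usr/sbin/sshd -t || exit 1
    # Start the service only if no sshd is running ("ssh" is the Ubuntu name).
    pgrep -x sshd >/dev/null || service ssh start
fi
```

When the directory is missing, running `/usr/sbin/sshd -t` by hand reports "Missing privilege separation directory: /var/run/sshd", which is the message to look for once console access is available.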