Unable to connect to the server


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://v0-10.choerodon.io

I ran this command: sudo certbot --nginx

It produced this output:

My web server is (include version): nginx/1.12.2

The operating system my web server runs on is (include version): CentOS Linux release 7.6.1810 (Core)

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Configuration successful but not accessible

log:

Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://v0-10.choerodon.io

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=v0-10.choerodon.io
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/v0-10.choerodon.io/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/v0-10.choerodon.io/privkey.pem
   Your cert will expire on 2019-03-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Accessing https://www.ssllabs.com/ssltest/analyze.html?d=v0-10.choerodon.io
outputs: Assessment failed: Unable to connect to the server


#2

Hi @yooxinz

this (output from https://check-your-website.server-daten.de/?q=v0-10.choerodon.io )

Domainname Http-Status redirect Sec. G
http://v0-10.choerodon.io/
35.187.150.118 301 https://v0-10.choerodon.io/ 0.544 A
https://v0-10.choerodon.io/
35.187.150.118 -2 1.827 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 35.187.150.118:443
http://v0-10.choerodon.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.187.150.118 301 https://v0-10.choerodon.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.560 A
https://v0-10.choerodon.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -2 1.820 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 35.187.150.118:443

Looks like you have a firewall. http works, but https is blocked.

So check your firewall settings.


#3

There may be two firewalls to deal with:

  • CentOS firewall
  • AWS firewall

#4

Sorry, my hosting provider is: GCE

CentOS firewall not running

[star@choerodon-web ~]$ firewall-cmd --state
not running
[star@choerodon-web ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (0 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (0 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target     prot opt source               destination

Chain DOCKER-USER (0 references)
target     prot opt source               destination

GCE allows 443


#5

Now there is no active refusal. Instead, a timeout.

But your http works and answers with a 301 - redirect. Is your https running?
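
The difference this thread turns on, "actively refused" versus a timeout on port 443, can be checked from any outside machine. The following is an added example, not part of the original posts: a Python probe that classifies the TCP connect result and, optionally, whether a TLS handshake completes. The function name `probe` and the state labels are made up for this illustration.

```python
import socket
import ssl
import sys


def probe(host, port, tls=False, timeout=3.0):
    """Classify how host:port answers a TCP connect and, optionally, a TLS handshake."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A RST came back: the host is reachable, but nothing listens on the
        # port (or a filter actively rejects the connection).
        return "refused"
    except (socket.timeout, TimeoutError):
        # No answer at all: packets are silently dropped, typically by a
        # host or cloud firewall rule.
        return "timeout"
    except OSError:
        # DNS failure, no route to host, and similar errors.
        return "unreachable"
    with sock:
        if not tls:
            return "open"
        ctx = ssl.create_default_context()  # certificate verification stays on
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except ssl.SSLCertVerificationError:
            # TLS is answering, but the certificate does not validate.
            return "tls-cert-error"
        except (ssl.SSLError, OSError):
            # Something accepts the connection but does not speak TLS,
            # e.g. the web server has no working "listen 443 ssl" block.
            return "open-no-tls"


if __name__ == "__main__":
    # Usage: python probe.py <hostname>   (defaults to localhost)
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print("80 :", probe(host, 80))
    print("443:", probe(host, 443, tls=True))
```

Run it from outside the server's network; "refused" on 443 with "open" on 80 points at the listener, while "timeout" points at a filter between the client and the host.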


#6

Thank you for your help. It works.

