Urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

Failed authorization procedure. SITE.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused
Is there a way to fix it?

Site is accessible from public.
[root@server temp]# cat /etc/*issue
CentOS release 6.9 (Final)
Kernel \r on an \m

Apache is on port 81, nginx on port 80.
I tried to run ./certbot-auto and ./certbot-auto --nginx - the result is the same.

dig +short A SITE.com @ns1.host.net.
dig +short A SITE.com @ns2.host.net.
Both show the same correct IP.

Please answer the following questions. The forum software should have asked you them when creating your post but sometimes it’s possible to create a post in a way that they don’t show up.

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Since you’re using both Apache and Nginx we really need more specific information about what you did and your setup in order to suggest the correct course of action. The exact full certbot command(s) you tried and their full output would be really helpful. And if you don’t mind sharing your domain name, we can check it for common issues.

My domain is:

I ran this command:

./certbot-auto --nginx

It produced this output:

/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 12
Obtaining a new certificate
/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
tls-sni-01 challenge for
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: .com
    Type: connection
    Detail: Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version):

nginx/1.12.1
Apache/2.2.15 (Unix)

The operating system my web server runs on is (include version):

CentOS release 6.9 (Final)

My hosting provider, if applicable, is:

dedicated server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

ISPMANAGER 4.......................................

I’m unable to reproduce any connectivity issues to your domain. It’s likely the connection refused issue is specific to port 443, the standard HTTPS port and the one used for tls-sni-01 verification.

I’m not sure why nginx is not able to listen on port 443. The port appears to be simply closed and not firewalled. Some firewalls aren’t so obvious, so you might want to double-check and make sure port 443 is open anywhere you can anyway.

Are there any recent messages in /var/log/nginx/error.log that aren’t just 404 errors for your website and the like?
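
A way to repeat the check described in the reply above, as an added example that is not part of the original thread: it separates "connection refused" (port closed, nothing listening) from a silent drop (probably a firewall) on port 443, the port the reply names for tls-sni-01 verification. The function names and the wording of the hints are assumptions made for this illustration; run it from a machine outside the server's network.

```python
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed, something is listening
    except ConnectionRefusedError:
        return "refused"          # host answered with RST: port closed, no listener
    except socket.timeout:
        return "filtered"         # no answer at all: packets are probably dropped
    except OSError as exc:
        return "error: %s" % exc  # DNS failure, no route, and so on


def explain(http_state, https_state):
    """Turn the states of the HTTP and HTTPS ports into a next step."""
    if https_state == "open":
        return "443 accepts connections; the refusal is not reproducible from here"
    if https_state == "refused":
        if http_state == "open":
            return ("host is reachable but nothing is listening on 443; "
                    "check the web server's listen directives")
        return "nothing is listening on 443 and port 80 is " + http_state
    if https_state == "filtered":
        return "no reply from 443; look for a firewall dropping packets in front of the host"
    return "could not test 443 (" + https_state + ")"


def check(host, http_port=80, https_port=443):
    """Probe both ports and return (http_state, https_state, hint)."""
    http_state = probe(host, http_port)
    https_state = probe(host, https_port)
    return http_state, https_state, explain(http_state, https_state)


if __name__ == "__main__":
    # Pass the name being validated, e.g.: python3 probe443.py example.com
    print(check(sys.argv[1]))
```
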

I’ve fixed the issue. I had to make a certificate in ISPMANAGER first and then create one with certbot.
Now I have another problem with WordPress: I cannot log in to wp-admin because of a redirect.

How to disable redirect???

Fixed with $_SERVER['HTTPS'] = 'on'; in wp_config.php


Deleted my domain from the posts. You can close/delete the thread.
Thanks for the help!
