Http-01 Challenge failed and Connection refused
You have to improve your skills in delimiting this kind of problems. You should check things in an order and rule out possible causes one at a time. Now, you are rushing to the http-01 challenge before you have checked all the prerequisites.
Let's start from the suggestions related to the error found from its own notes, as it already suggests a suitable approach.
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
This is the DNS level and it's easy to test using dig
or nslookup
, e.g.
$ dig pretty-formula.com
;; ANSWER SECTION:
pretty-formula.com. 379 IN A 47.56.96.10
This was expected as this is the IP address from your screenshot. It's not a DNS problem.
Additionally, please check that your computer has a publicly routable IP address
Yes, 47.56.96.10
is a publicly routable IP address. It's also answering to ping, which is just a method to find it's reachable from the routing perspective. It's not a routing problem.
and that no firewalls are preventing the server from communicating with the client.
The server is not listening on HTTP port 80
:
$ nc 47.56.96.10 80 -vvv
nc: connect to 47.56.96.10 port 80 (tcp) failed: Connection refused
Now, it's harder to tell what's the reason.
Firewall. You said the firewall is not enabled. You could try and access the web server from itself. If you can connect the server this way, it's probably a firewall issue. E.g.
curl http://47.56.96.10/ curl http://127.0.0.1/
If you can't connect your server from itself either, make sure that Nginx is started and it's configured to listen on port
80
. It's possible that your web server is not running.
If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
After you have fixed the previous problem, you may face new problems regarding the web server configuration. If the webroot is /var/www/certbot
, you must ensure that http://pretty-formula.com/.well-known/acme-challenge/
goes to file system path /var/www/certbot/.well-known/acme-challenge/
.
It's a bit strange that there's Existing data found for pretty-formula.com.
if this should be a new domain. It might be that this is not the first time you tried this. You have multiple alternatives to handle this:
- remove the previous configuration from
/etc/letsencrypt/renewal/pretty-formula.com
and start over OR - alter the configuration on
/etc/letsencrypt/renewal/pretty-formula.com
to match your Nginx configuration OR - configure the Nginx to match the configuration on Let's Encrypt.
Related videos on Youtube
SoftTimur
Updated on September 18, 2022Comments
-
SoftTimur over 1 year
I just bought a new server, and want to follow this for www.pretty-formula.com.
Here is the record I added to
pretty-formula.com
:In the server,
ufw status
returnedStatus: inactive
.After putting
pretty-formula.com
in related files, I got this error:root@iZj6ce932fiflob4gudnajZ:~/nginx-certbot# ./init-letsencrypt.sh Existing data found for pretty-formula.com. Continue and replace existing certificate? (y/N) y ### Creating dummy certificate for pretty-formula.com ... Generating a RSA private key ......+++++ .........+++++ writing new private key to '/etc/letsencrypt/live/pretty-formula.com/privkey.pem' ----- failed to resize tty, using default size ### Starting nginx ... Recreating nginx-certbot_nginx_1 ... done ### Deleting dummy certificate for pretty-formula.com ... failed to resize tty, using default size ### Requesting Let's Encrypt certificate for pretty-formula.com ... Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for pretty-formula.com http-01 challenge for www.pretty-formula.com Using the webroot path /var/www/certbot for all unmatched domains. Waiting for verification... Challenge failed for domain pretty-formula.com Challenge failed for domain www.pretty-formula.com http-01 challenge for pretty-formula.com http-01 challenge for www.pretty-formula.com Cleaning up challenges Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: pretty-formula.com Type: connection Detail: Fetching http://pretty-formula.com/.well-known/acme-challenge/-yXehDZroR0bFBusF3tEM9Ja9tD1XEXDmAiDnWgP6u8: Connection refused Domain: www.pretty-formula.com Type: connection Detail: Fetching http://www.pretty-formula.com/.well-known/acme-challenge/KbU_eUlIBexvG1zqN-UKB7lhdiIc7MEOYar1w-vlPNs: Connection refused To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. ### Reloading nginx ... cannot exec in a stopped state: unknown
It's a new server and a new domain, I don't understand what's blocking. Does anyone know how to investigate further?
-
SoftTimur about 4 yearsThank you for this long answer...