Https connection refused


#1

Hi,

I’m trying to get letsencrypt installed on a server running Ubuntu 16.

When I run the below:

ee site create xxxxxx.com --user=xxxxx --pass=xxxxxxxxxxx --email=myemail@gmail.com --wp --letsencrypt

letsencrypt fails with “Unable to setup, Let’s Encrypt Please make sure that your site is pointed to same server on which you are running Let’s Encrypt Client to allow it to verify the site automatically.”

The site loads on http but I get connection refused on https. A remote port scan shows port 80 open and port 443 closed. I’ve tried with ufw disabled and enabled:

To            Action   From
22            ALLOW    Anywhere
443           ALLOW    Anywhere
80            ALLOW    Anywhere
25            ALLOW    Anywhere
22222         ALLOW    Anywhere
11371         ALLOW    Anywhere
22 (v6)       ALLOW    Anywhere (v6)
443 (v6)      ALLOW    Anywhere (v6)
80 (v6)       ALLOW    Anywhere (v6)
25 (v6)       ALLOW    Anywhere (v6)
22222 (v6)    ALLOW    Anywhere (v6)
11371 (v6)    ALLOW    Anywhere (v6)

But no joy. I don’t see any other firewalls running. It’s a clean install of Ubuntu.

I’d appreciate any suggestions.


#2

Couple quick questions:

-> After you run the provided command:

ee site create xxxxxx.com --user=xxxxx --pass=xxxxxxxxxxx --email=myemail@gmail.com --wp --letsencrypt

…does the newly installed website work on port 80?

-> I believe Let’s Encrypt requires that your A Record point to the IP Address associated with your web server and a WWW CNAME record point to your domain. For example:

…if I remember correctly, this is due to LE looking at both the DOMAIN.TLD and WWW.DOMAIN.TLD when you request a cert.

-> Make sure the IP address associated with the DOMAIN in question is only being used for a single SSL Enabled Domain.


#3

Thanks for the reply - yes, the site works on port 80 after running that command, and I’d set up the A record for the domain and a CNAME record for the www.

Thing is the server wasn’t listening on port 443 - remote port scan said it was closed, so letsencrypt could never have worked in that scenario.

I ended up using vestacp and all is working fine…


#4

I had this issue when I didn’t add the www record to the DNS.


#5

Yeah, port 443 definitely has to be working for SSL to work.

Your OP said “443 ALLOW ANYWHERE” and I’m glad you figured it out, but I’d like to know, for future reference, where port 443 was still closed? You also said you used vestacp to fix it. What exactly did you do in vestacp to fix it?


#6

Absolutely! That was exactly what I was saying, earlier.


#7

For vestacp, I just started with a clean OS install, ran the vesta install and used a free online cert generator (basically a wrapper for letsencrypt) to generate the cert. https/443 was working out of the box.
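
An added example, not part of any post in this thread: a Python check for the two things the thread goes through before a certificate request, namely that the domain and its www name both resolve to the server, and whether ports 80 and 443 are open, refused (the host answers but nothing is listening, which a firewall ALLOW rule does not change) or filtered (no answer at all). The function names, the `resolve` parameter, the hint texts and the placeholder domain and IP are assumptions made for illustration.

```python
import socket

# Hint texts are this example's own wording, not output of any tool.
HINTS = {
    "refused": "host answered but nothing is listening (check with `ss -ltn`)",
    "filtered": "no answer; a firewall or provider rule is likely dropping packets",
}

def probe_port(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'refused', 'filtered' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:   # RST received: reachable, no listener
        return "refused"
    except socket.timeout:           # SYN never answered: packet dropped
        return "filtered"
    except OSError as exc:           # e.g. no route to host
        return "error: " + (exc.strerror or str(exc))

def a_records(name):
    """Return the set of IPv4 addresses a name resolves to (empty on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(domain, server_ip, ports=(80, 443), timeout=3.0, resolve=a_records):
    """Return a list of problems; an empty list means the checks passed."""
    findings = []
    for name in (domain, "www." + domain):
        addrs = resolve(name)
        if server_ip not in addrs:
            seen = ", ".join(sorted(addrs)) or "nothing"
            findings.append(f"{name}: resolves to {seen}, expected {server_ip}")
    for port in ports:
        state = probe_port(server_ip, port, timeout)
        if state != "open":
            findings.append(f"{server_ip}:{port} {state}: {HINTS.get(state, 'see error')}")
    return findings

if __name__ == "__main__":
    # Constructed placeholders: substitute your own domain and public IP.
    for line in preflight("example.com", "203.0.113.10") or ["all checks passed"]:
        print(line)
```

Run it from a machine outside the server's network so the result reflects the same path a remote port scan would take.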


#8