
ebukz's avatar

LetsEncrypt causes ERR_CONNECTION_REFUSED

So after installing letsencrypt on my digital ocean server using this guide https://sysops.forlaravel.com/letsencrypt I go route to my domain and I am getting an ERR_CONNECTION_REFUSED

I did some further digging and found that my server does not listen on either port 80 or 443 anymore. Below is the output from netstat -ntulp:

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 22865/server.js
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3001 0.0.0.0:* LISTEN 4120/redis-server *
tcp 0 0 0.0.0.0:11300 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::5432 :::* LISTEN -
tcp6 0 0 :::3001 :::* LISTEN 4120/redis-server *
tcp6 0 0 :::3306 :::* LISTEN -
tcp6 0 0 :::6379 :::* LISTEN -
udp 0 0 0.0.0.0:11211 0.0.0.0:* -

noeldiaz's avatar

Did you start the web server again? The process turns it off while it creates and verifies the certificates. At least for the method mentioned on that link. It could also be that something is wrong on your configuration that prevented your web server from starting. If it gives you an error using "service nginx start" try "nginx -t" to test the configurations. Maybe that will lead you to the problem. Could be as simple as a typo on the location of the cert and the chain file.

ebukz's avatar

Hey @noeldiaz, I have done as you suggested and nginx started up, but the issue is that my server is not listening on port 80 and 443 for some reason. I have tried everything to resolve it with iptables and ufw.

Here is my output for nginx -t :

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2015/12/15 14:12:20 [warn] 29035#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
2015/12/15 14:12:20 [emerg] 29035#0: BIO_new_file("/etc/nginx/ssl/sloco.co.uk/19613/server.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/sloco.co.uk/19613/server.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

noeldiaz's avatar

Hum, something doesn't look right. If what you did is what the link you provided says your certificates should be on another directory (like /etc/letsencrypt/live/purpleturtles.com/privkey.pem). According to the error you seem to have it configured inside the nginx directory (/etc/nginx/ssl/sloco.co.uk/19613/server.crt). It can't find the certificates there. So it looks like it is looking in the wrong directory.

You might want to edit your site's conf file under "/etc/nginx/sites-available/" and see if you have maybe two entries for the certs? Or if you have it wrong? The process for nginx is not automatic, you need to add the entries for your files manually.

Just verify the correct location of the cert and the chain file, edit your conf, and test again. It probably will work then if it can find the certs.
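The check suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell helper that lists every ssl_certificate / ssl_certificate_key path in one nginx config file and reports the ones that cannot be read. The function names and the sample config are constructed for illustration, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): find certificate paths in an nginx
# config file that point at files which are missing or unreadable.

# Print "directive path" for each certificate directive in config file $1.
cert_paths() {
  # Drop comments first so commented-out directives are ignored.
  sed -e 's/#.*//' "$1" |
    awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
           p = $2; sub(/;$/, "", p); print $1, p }'
}

# Print one "MISSING directive path" line per unreadable file.
# Empty output means every referenced file can be read by the current user.
missing_certs() {
  cert_paths "$1" | while read -r directive path; do
    [ -r "$path" ] || echo "MISSING $directive $path"
  done
}

# Constructed sample: a server block whose certificate path does not exist,
# mirroring the "[emerg] BIO_new_file ... no such file" failure in the thread.
demo() {
  d=$(mktemp -d)
  : > "$d/privkey.pem"                      # the key exists, the cert does not
  cat > "$d/site.conf" <<EOF
server {
    listen 443 ssl;
    # ssl_certificate $d/old.crt;           (commented out, ignored)
    ssl_certificate     $d/server.crt;
    ssl_certificate_key $d/privkey.pem;
}
EOF
  missing_certs "$d/site.conf"
  rm -rf "$d"
}

demo
```

Run it as the user nginx starts under, since a file that exists but is unreadable to that user is reported the same way as a missing one.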

ebukz's avatar

@noeldiaz yes, you are right. This was because I had a blockage when using the guide and was getting ERR_CONNECTION_REFUSED on my browser.

I then decided to use the Forge option for setting up Letsencrypt and I guess this has created duplicates. Currently Forge cannot complete the process because the server is not listening on port 80 or port 443. This is the error Forge produces:

Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /home/forge/sloco.co.uk/public --agree-tos --redirect --duplicate --text --email myemail -d sloco.co.uk
Failed authorization procedure. sloco.co.uk (http-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Could not connect to http://sloco.co.uk/.well-known/acme-challenge/JPct9A2qMpuUeugUmGk5QAXhaq4NkXg3oA15rahkP7w

IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through e-mails sent to myemail

  • The following 'urn:acme:error:connection' errors were reported by the server:

    Domains: sloco.co.uk
    Error: The server could not connect to the client for DV

  • Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal.

@bashy Can you help me with this please

richard@gorbutt.com's avatar

I had similar, the LetsEncrypt worked fine, I was able to test POST stuff from PAWS and Chrome Postman using the https, yet when I migrated my FastSpring call to https, it just flat refused connections. I had to manually whack the certificate and go back to http. Once I get the holidays out of the way I intend to dig deeper.

bashy's avatar

If the cert isn't found, it's not going to load nginx properly...

BitValentine's avatar

@GORBY - Did you figure this out? I'm having the same issue when I migrated to Forge. Fastspring doesn't like Forge servers for some reason.
