Unable To Connect/Connection Refused due to https certificates

We successfully installed Discourse through DigitalOcean using the following guide:

github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md

Our DNS is fully propagated, and we also installed our SSL CERTS per the following guide:

When browsing to our Discourse installation via IP or domain name, we get the following message:

This site can’t be reached

XX.XX.XX.XX refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

What could be the problem?

Almost certainly an SSL problem. Try rebuilding with plain HTTP first to make sure everything is working before adding on the complexity of HTTPS.

Using Let’s Encrypt is an easy way to get SSL.

… thanks for your help.

I am running into this same issue. To rebuild with plain HTTP, does that require just commenting out the SSL template line in app.yml?

Yes, but browsers that have visited your site will refuse to connect. You really should use https.

4 Likes

For anyone who faces this in the future, make sure not to exceed the rate limit of Let’s Encrypt:

You can see if it was exceeded in the logs:

./launcher logs app

2 Likes

I met exactly the same prompt from Chrome.

In my case, several configurations were set wrongly; some were Discourse settings, some were hosting server configuration. I post my checklist here for you as a reference:

  1. Check /var/discourse/containers/app.yml

(Follow this post: Advanced Setup Only: Allowing SSL / HTTPS for your Discourse Docker setup )

Make sure you either allow both HTTPS and HTTP (open the 443 port, uncomment the SSL-related template config and the Let’s Encrypt-related configs), or only HTTP requests (ban the 443 port, comment out the SSL-related template config and the Let’s Encrypt-related configs).

If any changes were made to app.yml, run ./launcher rebuild app to activate the updated configs.

  2. Run ./launcher logs app.

If you frequently failed to rebuild a functional Discourse server, like I did, you may at the same time have requested too many Let’s Encrypt credentials and exceeded their limit.

Then running ./launcher logs app will print a JSON with a 429 error included.

  3. Check your Security group settings for your ECS server instance

In my case, a Security group is simply a bundle of permissioned ports (for example, 80 HTTP, 443 HTTPS), which allows you to control your server’s transportation with the outer space.

Make sure to allow the ports that are necessary for hosting Discourse.

  4. Check firewall settings

In my case, step 3 didn’t open the required ports for me. Something wrong happened with my firewall settings.

It’s weird that I never set the firewall for my server, but those ports were indeed opened after being configured with
apt install firewalld
firewall-cmd --permanent --add-port=20-21/tcp (… and the other ports)
firewall-cmd --reload

You can check the status of open ports for your domain with some online services.

2 Likes
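
Checklist items 1 and 2 from the post above, as an added example that is not part of the original thread or Discourse's own tooling: it checks whether the SSL templates and the 443 port mapping in app.yml agree, and whether the container log holds a Let's Encrypt 429 error. The template file names, the "443:443" mapping and the ACME rateLimited error format are assumptions about a standard install, and the sample app.yml and log lines are constructed.

```shell
#!/bin/sh
# Added example: offline triage for checklist steps 1 and 2.
# All sample file contents below are constructed for illustration.

# Count uncommented SSL template lines in app.yml (0, 1 or 2).
ssl_templates_enabled() {
  grep -Ec '^[[:space:]]*-[[:space:]]*"templates/web\.(letsencrypt\.)?ssl\.template\.yml"' "$1" || true
}

# Succeed if port 443 is published (the mapping line is not commented out).
port_443_exposed() {
  grep -Eq '^[[:space:]]*-[[:space:]]*"443:443"' "$1"
}

# Succeed if the log shows an ACME rate-limit error (HTTP 429).
rate_limited() {
  grep -Eq '"status"[[:space:]]*:[[:space:]]*429|acme:error:rateLimited' "$1"
}

# Print one verdict line for an app.yml / log pair.
triage() {
  n=$(ssl_templates_enabled "$1")
  if port_443_exposed "$1"; then p=yes; else p=no; fi
  if rate_limited "$2"; then echo "rate-limited: Let's Encrypt returned 429"
  elif [ "$n" -eq 2 ] && [ "$p" = yes ]; then echo "https: config consistent"
  elif [ "$n" -eq 0 ] && [ "$p" = no ]; then echo "http-only: config consistent"
  else echo "mismatch: $n SSL template(s) enabled, 443 exposed=$p"
  fi
}

SAMPLE=$(mktemp -d)
cat > "$SAMPLE/app.yml" <<'EOF'
templates:
  - "templates/web.template.yml"
  #- "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"
expose:
  - "80:80"   # http
  - "443:443" # https
EOF
echo 'Started runsvdir, PID is 41' > "$SAMPLE/ok.log"
cat > "$SAMPLE/limited.log" <<'EOF'
{"type":"urn:ietf:params:acme:error:rateLimited","detail":"too many certificates already issued","status":429}
EOF

triage "$SAMPLE/app.yml" "$SAMPLE/ok.log"       # half-commented templates
triage "$SAMPLE/app.yml" "$SAMPLE/limited.log"  # 429 present in the log
```

On a real host, pass /var/discourse/containers/app.yml and a file holding the output of ./launcher logs app.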

Had this issue too - over the rate limit for certificates.

Fixed by following your step #1 (commenting out the 2 SSL templates in app.yml) and opening up the site in another browser once rebuilt.

Assuming I’ll be able to reenable SSL once a week passes.

2 Likes

Were you able to connect after a week passed?

1 Like