Author Topic: Enabled LetsEncrypt and get ERR_CONNECTION_REFUSED  (Read 968 times)

Enabled LetsEncrypt and get ERR_CONNECTION_REFUSED
« on: March 13, 2018, 08:01:26 AM »
Hi,

Linux VPS, CentOS 7, CWP 7, PHP 7.1.15

When I installed CWP 7 I logged in as root and set up free autossl on my domain which worked fine.
Every URL redirects to https, including the CWP 7 admin panel, that was showing as insecure in the address bar.

So then I was trying to get CWP 7 to redirect to https and somehow lost access to the admin panel.
I noticed that letsencrypt wasn't installed in the CWP panel, so I clicked install.

When I go to https://mysite.com:2031 I get a blank page with this message: ERR_CONNECTION_REFUSED

I can't access any website content either.
I can't access the CWP 7 admin panel at: https://mysite.com:2031

I tried turning off IPtables but no joy,

I don't know if the firewalld has anything to do with this but I get some errors:

[root@me ~]# systemctl status firewalld
* firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-03-13 06:30:24 UTC; 54s ago
     Docs: man:firewalld(1)
 Main PID: 4862 (firewalld)
   CGroup: /system.slice/firewalld.service
           `-4862 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 13 06:30:25 clients firewalld[4862]: WARNING: ipset not usable, disabling ipset usage in firewall.
Mar 13 06:30:26 clients firewalld[4862]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Mar 13 06:30:26 clients firewalld[4862]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 13 06:30:26 clients firewalld[4862]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Mar 13 06:30:26 clients firewalld[4862]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 13 06:30:26 clients firewalld[4862]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Mar 13 06:30:26 clients firewalld[4862]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 13 06:30:26 clients firewalld[4862]: ERROR: Failed to read file "/proc/sys/net/netfilter/nf_conntrack_helper": [Errno 2] No such file or directory: '/p...ck_helper'
Mar 13 06:30:26 clients firewalld[4862]: WARNING: Failed to get and parse nf_conntrack_helper setting
Mar 13 06:30:26 clients firewalld[4862]: WARNING: ebtables not usable, disabling ethernet bridge firewall.


Just tried this:

[root@me ~]# systemctl status cwpsrv.service
* cwpsrv.service - CentOS Web Panel service (daemon)
   Loaded: loaded (/usr/lib/systemd/system/cwpsrv.service; enabled; vendor preset: disabled)
   Active: activating (auto-restart) (Result: exit-code) since Tue 2018-03-13 07:55:06 UTC; 4s ago
  Process: 1922 ExecStartPre=/usr/local/cwpsrv/bin/cwpsrv -t (code=exited, status=1/FAILURE)

Mar 13 07:55:06 clients systemd[1]: Failed to start CentOS Web Panel servic...).
Mar 13 07:55:06 clients systemd[1]: Unit cwpsrv.service entered failed state.
Mar 13 07:55:06 clients systemd[1]: cwpsrv.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

I don't know what to do and I'm in the middle of a project.

Any help appreciated  ::)
« Last Edit: March 13, 2018, 08:57:48 AM by emar »

Re: Enabled LetsEncrypt and get ERR_CONNECTION_REFUSED
« Reply #1 on: March 13, 2018, 06:09:11 PM »
The two modules known as Letsencrypt and AutoSSL can't COEXIST. Meaning if you have Letsencrypt installed, everything in AutoSSL no longer works.

If letsencrypt is installed, you will need to recreate the certificates. Or remove letsencrypt and use autossl.

So get back into your CWP for the time being, use the insecure http url; http://IPADDRESS:2030


To get your cwp secured again on 2031, you need to make a new cert for it with the "Custom domain" section at the bottom of Letsencrypt.

Host: [yourhostname]
path: /usr/local/apache/htdocs
user: nobody
IP: [yourServerIP]
port: 443

After that, it will show you the vhost info at the top of the page, KEEP THIS OPEN for now. You need it.

Go into your server files, and navigate to this path /usr/local/cwpsrv/conf  and edit the cwpsrv.conf

Find: 2031

And you'll see these below it or close by, ssl_certificate  and   ssl_certificate_key

This is where you want to replace the values with the paths in the vhost info from before.

        ssl_certificate     /etc/letsencrypt/live/HOSTNAME/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/HOSTNAME/privkey.pem;


Save, then open SSH and do "service cwpsrv restart"
« Last Edit: March 13, 2018, 06:14:10 PM by bentheman96 »
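
An added example, not part of the post above and not CWP's own code: the status output in the first post shows the panel's start-up config test (`cwpsrv -t`) failing, and one thing to rule out after editing the certificate paths is a directive that points at a file which does not exist. The function name `check_ssl_paths` is hypothetical, and the script assumes the `directive value;` syntax shown in the snippet above.

```shell
#!/bin/sh
# Added example: report every ssl_certificate / ssl_certificate_key path in a
# cwpsrv.conf-style file and whether the referenced file exists and is non-empty.
# Usage: check_ssl_paths /usr/local/cwpsrv/conf/cwpsrv.conf
# Returns 0 if all referenced files exist, 1 if any is missing, 2 on input errors.
check_ssl_paths() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Strip comments, keep only the two directives, drop the trailing ';'.
    paths=$(sed -e 's/#.*//' "$conf" |
        awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
                 sub(/;$/, "", $2); print $1, $2 }')
    [ -n "$paths" ] || { echo "no ssl_certificate directives in $conf" >&2; return 2; }
    rc=0
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ -s "$path" ]; then
            echo "OK $directive $path"
        else
            echo "MISSING $directive $path"
            rc=1
        fi
    done <<EOF
$paths
EOF
    return $rc
}

# Demo on a constructed config (run the script with --demo); paths are made up.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    echo "dummy certificate" > "$d/cert.pem"      # key file deliberately absent
    printf 'listen 2031 ssl;\n  ssl_certificate     %s/cert.pem;\n  ssl_certificate_key %s/privkey.pem;\n' \
        "$d" "$d" > "$d/cwpsrv.conf"
    check_ssl_paths "$d/cwpsrv.conf"
    echo "exit status: $?"
    rm -rf "$d"
fi
```

Running it against the edited file before restarting the service shows whether both paths resolve; a non-zero status means at least one directive still points at a missing file.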

Re: Enabled LetsEncrypt and get ERR_CONNECTION_REFUSED
« Reply #2 on: March 13, 2018, 07:05:09 PM »
I think I did all that before I installed cwp, I installed firewalld first then added the ports,
I think I added the port to some config file, I forget, I'm lost with all this crap, I have other issues now.

Re: Enabled LetsEncrypt and get ERR_CONNECTION_REFUSED
« Reply #3 on: March 16, 2018, 02:51:57 AM »
It's happened again on a fresh install, locked out of the admin panel.