3v-Hosting Blog
10 min read
The "connection refused" error is something many of us run into when trying to access websites, services, or servers over a network. Essentially, this error means that the client - whether it's your browser or an application - was unable to connect to the target host, which simply "refused" the connection attempt. For system administrators, developers, and users alike, it's important to understand what causes this issue and how to resolve it effectively. In this article, we’ll dive into the various reasons behind the "connection refused" error, explore the different scenarios in which it can occur, and discuss solutions from both the client-side and server-side perspectives.
The Connection Refused error means that the computer or server you are trying to connect to exists and is responding, but is not accepting your connection. It's like when you make a phone call and the person on the other end picks up the phone but immediately puts it back down.
This behavior indicates that the connection is physically possible, but either the service is not listening to the required port, or a firewall is blocking the attempt.
The "connection refused" error message can appear in different formats across platforms and tools, such as:
ERR_CONNECTION_REFUSED - in web browsers;
Connection refused - in command-line tools like curl or telnet;
Site refused to connect - in browsers when a website is inaccessible.
These messages mean that the target machine or server is reachable but refuses to allow the connection request. This typically happens when the server or port is not listening, a firewall blocks the request, or the connection configuration is misconfigured.
In technical terms, when a client sends a connection request via a protocol (e.g., HTTP, SSH, etc.), it passes through multiple layers (network stack, firewall, etc.) before reaching the application. If the connection is denied at any point, the client receives a "connection refused" message.
Several factors can cause a "connection refused" error. These issues can occur on the client, server, or network level. Let's explore the common causes:
Before proceeding with active diagnostics, it is important to understand at what level the failure occurs - on the client side, the server side, or the network itself. This will help you avoid chaotic checks and immediately choose the right direction for analysis.
To identify the source, use basic utilities (ping, traceroute, telnet, ss, ufw status, etc.), each of which shows the connection status at its own level.
The following section provides specific examples and commands for diagnostics on the server, client, and network sides, as well as a table that will help you quickly determine where the failure is occurring.
Before fixing the issue, it is important to accurately diagnose where the connection failure occurs. Here are several steps you can take to identify the root cause:
Verify Service Status: Use tools like systemctl or service (Linux) to check whether the required service is running:
systemctl status apache2
systemctl status ssh
Check Port Listening: Use netstat or ss to check whether the specific port is open and listening:
ss -tuln | grep :80
If the port is not open, the server will refuse to connect.
Check Firewall Rules: On the server, use iptables or firewall management tools (such as firewalld, ufw, or Windows Firewall) to ensure that the port is not being blocked:
sudo ufw status
sudo iptables -L
Ensure the firewall allows incoming connections on the required port.
Traceroute/Tracerpath: Use traceroute or tracerpath to check if packets are correctly routed to the target server:
traceroute example.com
Check IP and Port: Ensure that the client is connecting to the correct IP address and port by cross-checking the configuration file or connection settings.
DNS Lookup: Perform an nslookup or dig query to ensure the domain name resolves correctly:
nslookup example.com
dig example.com
Check for Browser Cache Issues: Sometimes browser caching can lead to persistent "connection refused" errors. Clearing the cache and trying again may solve the issue.
Telnet Test: Use telnet to test the connection to the server. This helps determine if the issue is network-related or service-related:
telnet example.com 80
If the connection is refused, the problem lies in the server configuration or network settings.
Table: Identifying the Source of the Connection Refused Error
| Symptom | Possible Cause | Level | Command / Tool | Next Step / Recommendation |
|---|---|---|---|---|
| Server does not respond, connection immediately refused | Service is stopped or crashed | Server | systemctl status nginx or systemctl status ssh |
Restart the service and check logs: journalctl -u <service> |
| Port closed or not listening | Application not bound to correct address or port | Server | `ss -tuln | grep :80` | Restart the service that should listen on the port |
| Firewall blocking connection | Incorrect iptables, ufw, or firewalld rules | Server | sudo ufw status or sudo iptables -L -n -v |
Allow required port: sudo ufw allow 80/tcp |
| Connection succeeds but immediately closes | Application misconfiguration or connection limit reached | Server | sudo tail -n 50 /var/log/nginx/error.log |
Fix configuration and restart the service |
| Unable to resolve domain name | DNS misconfiguration or invalid record | Client | dig example.com or nslookup example.com |
Update DNS servers or /etc/resolv.conf file |
| Connection works from one network but not another | Routing, NAT, or ISP filtering issues | Network | traceroute example.com |
Check router/NAT settings or use VPN |
| Error occurs intermittently | Server overload or temporary network instability | Network / Server | mtr example.com or ping -c 10 example.com |
Check load and network stability |
| Only one client affected | Local firewall or antivirus blocking outgoing traffic | Client | sudo iptables -L or antivirus rule check |
Allow connection or add firewall exception |
These checks help you quickly identify whether the Connection Refused error originates from the client, server, or network layer before applying specific fixes.
Once the cause has been identified, you can implement the appropriate solution. Let’s explore how to fix the error depending on the situation.
If the server’s required service (such as HTTP or SSH) is not running, restart the service:
sudo systemctl restart apache2
sudo systemctl restart ssh
If the service fails to start, check the logs in /var/log/ or the service-specific log directory for more detailed error messages.
Ensure that the server is listening on the required port. Edit the configuration files (e.g., /etc/apache2/ports.conf for Apache) to ensure the correct port is bound. Restart the service after making changes.
For example, if the server is supposed to listen on port 8080 but is not, you can manually edit the port settings:
Listen 8080
Open the necessary port using ufw or other firewall management tools:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
For iptables, you might need to add a rule to accept connections on the port:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
For web applications running on servers like NGINX or Apache, misconfigurations in virtual hosts or reverse proxy settings can lead to the server refusing connections. Double-check the configuration files (e.g., /etc/nginx/nginx.conf) and make sure there are no syntax errors:
sudo nginx -t
sudo apachectl configtest
Correct any issues found in these configuration files and restart the service.
The "connection refused" error could also stem from the client side. Here’s how to fix common client-side issues.
Ensure the client is connecting to the correct IP address, hostname, and port. Double-check the client application’s settings, especially when dealing with services like SSH, FTP, or web applications.
If you encounter the "ERR_CONNECTION_REFUSED" message in a browser, clearing the browser cache and cookies may resolve the problem. Navigate to the browser settings, clear the cache, and attempt to reconnect.
If the issue stems from DNS resolution failures, you can change the DNS settings to use a public DNS like Google (8.8.8.8) or Cloudflare (1.1.1.1). This can be done either on the client machine or router.
Network issues such as incorrect routing, NAT misconfigurations, or ISP blocks can also cause connection refused errors. Here’s how to resolve such issues:
Ensure that your router is forwarding the correct ports if the server is behind a NAT. Open ports as required and verify that the firewall does not block them.
If the error occurs due to geographical restrictions or ISP blocks, using a VPN can help bypass these restrictions and connect to the server.
Once the problem is resolved, it’s important not only to restore connectivity but also to prevent the Connection Refused error from reoccurring. Regular monitoring and basic automation help detect issues early and reduce the risk of service downtime.
Use monitoring tools such as Netdata, Prometheus, Zabbix, or Uptime Kuma to track the availability of ports, services, and network connections.
These tools can alert you in real time about service failures, blocked ports, or overload conditions, allowing you to fix issues before they affect users.
For system daemons and network services, configure automatic recovery using the Restart=always directive in systemd unit files.
This ensures that the service will restart automatically after a crash or update.
Example:
[Service]
ExecStart=/usr/bin/myservice
Restart=always
RestartSec=5
Regular security updates and library upgrades minimize compatibility issues.
Clearing and refreshing the DNS cache helps avoid failed connections due to outdated domain records.
You can create a simple cron job to periodically test port availability and log the results. This is particularly useful for web servers and APIs:
*/10 * * * * nc -zv your-server.com 80 >> /var/log/conn_check.log 2>&1
This command runs every 10 minutes, checks connectivity to port 80, and logs the result to /var/log/conn_check.log.
You can expand it to monitor multiple ports or hosts if needed.
Recommended monitoring tools
| Tool | Purpose | Key Features |
|---|---|---|
| Netdata | Real-time server and port monitoring | Easy setup, automatic metrics |
| Prometheus | Metrics collection with Grafana integration | Ideal for clusters and containers |
| Zabbix | Full infrastructure monitoring | Flexible triggers and alerts |
| Uptime Kuma | HTTP/HTTPS and TCP uptime tracking | User-friendly web interface, graphs |
| Monit | Local process and service supervision | Can restart failed services automatically |
The "connection refused" error can arise from a variety of issues on both the client and server sides. By methodically diagnosing the problem through service status checks, firewall configurations, and network tests, you can identify the root cause and apply the appropriate fixes. Whether it’s a misconfigured server, network issues, or a simple client-side mistake, understanding the potential reasons behind a refused connection will help in resolving the issue efficiently.
The immediate responsibility of every network administrator or engineer is to manage the subnetwork entrusted to him. And in order to understand the current sta...
In the rapidly evolving landscape of the Internet, selecting the optimal Virtual Private Server (VPS) hosting provider should hinge upon a multitude of factors,...
Virtualization is a cornerstone of modern IT infrastructure. It offers flexibility, cost savings and scalability.This article presents the top five Linux virtua...
Accelerating WordPress at the Nginx level: correct PHP-FPM settings, try_files, static files, caching, Brotli, wp-login protection, and secure headers for stabl...
Effective backup strategies for Docker applications: how to protect volumes, data, and configurations while avoiding common mistakes, and quickly restore servic...
A clear guide to what VPS is used for: real cases, examples for developers, business setups, VPN, CI/CD and more. Learn how to choose the right VPS plan.
