QuantRocket

Docker Cloud Connection Error: No connection could be made because the target machine actively refused it


#1

Hi there!

First of all, congratulations for the great work you’re doing! The technology stack is awesome.

I’m trying to deploy a Docker Cloud using Digital Ocean following the tutorial. Everything looks fine except that when I try to connect to Houston ($ quantrocket houston ping) I receive the following error:

requests.exceptions.ConnectionError: HTTPSConnectionPool(host='houston.xxxx.yyyy.svc.dockerapp.io', port=443): Max retries exceeded with url: /ping (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x0000000003BD72E8>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it',))

I double checked that the environment variables are correctly set.

Any help will be much appreciated.

JJD


#2

This might be related to a Let’s Encrypt/certbot security challenge deprecation for SSL certs: https://github.com/certbot/certbot/issues/5405. I thought it only affected cert renewals but I could be wrong. In the Docker Cloud UI, you can see if this is the issue by checking the houston logs and looking for this line:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

If so I believe the root issue is fixed upstream in the latest certbot and we need to bake a new version of houston which will happen in the next couple days.


#3

Thank you Brian,

You’re right, the houston logs has the lines you mention.

I’ll be waiting for the update!


#4

This issue is fixed in the latest version of houston, 0.9.0. The updated houston block needed for your Stack file is below (or re-run the configuration wizard):

houston:
  image: 'quantrocket/houston:0.9.0'
  ports:
    - '443:443'
    - '80:81'
  environment:
    BASIC_AUTH_USER: '${HOUSTON_USERNAME}'
    BASIC_AUTH_PASSWD: '${HOUSTON_PASSWORD}'
  restart: always

(Note the addition of the port 80:81 mapping which enables the SSL cert validation.)

Then redeploy.


#5

Worked perfectly, thank you!


#6