Connection refused

Your server is actively turning away connections — nothing is listening on the port, or something is blocking the request before it arrives. Your site shows as Down in DomainDash.

Symptom

• DomainDash marks the uptime check as Down with error code connection_refused
• Browser shows "ERR_CONNECTION_REFUSED" instantly, with no delay
• Running curl -v https://example.com returns curl: (7) Failed to connect to example.com port 443 after X ms: Connection refused
• nc -zv example.com 443 returns "Connection refused"

What it means

When a browser (or DomainDash) tries to connect to your site, it performs a Transmission Control Protocol (TCP) handshake on port 443 (HTTPS) or port 80 (HTTP). A connection_refused error means the remote host received the connection attempt and replied with a TCP RST — a signal that says "nothing is listening here, go away." This is different from a connection timeout, where the request disappears into the void with no reply at all.

The failure is happening at the network layer, before any HTTP request is sent. Your server is reachable (packets are arriving), but something is immediately rejecting them.

Common causes

• The web server process has stopped or crashed — Nginx, Apache, Caddy, or your Node.js/application server is not running
• The web server is bound to 127.0.0.1 (localhost) only and won't accept external connections
• A firewall rule (UFW, iptables, AWS security group, GCP firewall) is blocking port 443 or 80 from the checker's source IP
• The server was recently redeployed or rebooted and the web server didn't restart automatically
• A misconfigured Docker or Kubernetes port mapping means the container port isn't exposed on the host
• The server is listening on a non-standard port, and the DomainDash check is pointing at the default port

How to fix

1. Confirm the connection is being refused. Run:

   curl -v https://example.com

   You should see "Connection refused" immediately, with no delay. If it hangs for several seconds before failing, you're looking at a timeout, not a refusal — check the connection timeout page instead.

2. Check whether the web server is running. SSH into the server and inspect the process:

   sudo systemctl status nginx
   # or
   sudo systemctl status apache2

   If the service is inactive or failed, restart it:

   sudo systemctl start nginx
   sudo systemctl enable nginx  # prevents this from happening again after a reboot

3. Verify the server is bound to a public interface. A web server configured to listen only on 127.0.0.1 accepts local connections but refuses all external ones:

   ss -tlnp | grep ':443'

   If the output shows 127.0.0.1:443, open your web server config and change the listen directive. In Nginx:

   listen 443 ssl;        # binds to all interfaces
   # not: listen 127.0.0.1:443 ssl;

   Reload after changing: sudo systemctl reload nginx.

4. Check firewall and security group rules. Check the OS firewall first:

   sudo ufw status

   Ports 80 and 443 should appear as "ALLOW". If they're missing:

   sudo ufw allow 80/tcp
   sudo ufw allow 443/tcp

   If you're on a cloud provider, check the security group (AWS EC2), firewall rules (DigitalOcean, GCP), or network security group (Azure). Port 443 must be open to inbound traffic from 0.0.0.0/0. If you use Cloudflare, check the WAF and IP Access Rules — an overly aggressive rule may be blocking the DomainDash checker's IPs.

5. Restart and re-verify. After making changes, confirm the port is accepting connections:

   nc -zv example.com 443

   "Connection to example.com 443 port [tcp/https] succeeded!" confirms the port is now accessible.

How to verify

After fixing:

1. Run nc -zv example.com 443 from your local machine — it should succeed.
2. Open the site in a fresh browser window — it should load normally.
3. In DomainDash, go to the site's uptime tab and click "Check now". Status should flip from Down to Healthy within a few seconds.

Related

• Connection timeout — if the request hangs rather than failing instantly
• DNS resolution failed — if the domain itself can't be resolved
• Site is down — if you're not sure which uptime issue you have
• Uptime — how DomainDash runs uptime checks