,{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"Why does my local dev server give ERR_CONNECTION_REFUSED?","acceptedAnswer":{"@type":"Answer","text":"The server is not running, is on a different port, or is listening on 127.0.0.1 only. Bind to 0.0.0.0 to accept connections from other machines on the network."}},{"@type":"Question","name":"Is ERR_CONNECTION_REFUSED always a server problem?","acceptedAnswer":{"@type":"Answer","text":"Usually. But a firewall between client and server that sends TCP RST can cause this error even if the server is healthy. Test from multiple networks to distinguish server-side from network-side causes."}}]}

ERR_CONNECTION_REFUSED: Connection Refused

Quick reference

ErrorERR_CONNECTION_REFUSED
Chrome text"This site can't be reached — Connection refused"
Firefox text"The connection was refused"
LayerTCP (DNS succeeded, TCP SYN was refused)
HTTP code?No — TCP-level rejection before HTTP

What ERR_CONNECTION_REFUSED means

ERR_CONNECTION_REFUSED means DNS resolution succeeded and the browser found the server's IP address, but when it tried to open a TCP connection on the target port (80 for HTTP, 443 for HTTPS), the server's TCP stack sent back a TCP RST (reset) packet — an explicit refusal. No service is listening on that port.

This is the browser equivalent of knocking on a door and being told "nobody home." The host machine is reachable on the network, but the web server process is not running or not listening on that port.

In API clients: Python raises requests.exceptions.ConnectionError: [Errno 111] Connection refused. Node.js raises Error: connect ECONNREFUSED 93.184.216.34:443. curl returns curl: (7) Failed to connect to example.com port 443: Connection refused.

Diagnosis steps

Step 1 — Confirm the port is actually closed:

nc -zv example.com 443 # Connection to example.com 443 port [tcp/https] succeeded! = port open # nc: connect to example.com port 443 (tcp) failed: Connection refused = refused # Or with curl: curl -v https://example.com # curl: (7) Failed to connect to example.com port 443: Connection refused

Step 2 — Check what is listening on the port on the server:

ss -tlnp sport = :443 # LISTEN 0 128 0.0.0.0:443 = something is listening # Empty output = nothing listening on 443 netstat -tlnp | grep :443

Step 3 — Check web server status:

systemctl status nginx systemctl status apache2 # If stopped: systemctl start nginx # Check logs for startup errors: journalctl -u nginx -n 50 --no-pager

Step 4 — Check for firewall rules actively blocking the port:

iptables -L INPUT -n | grep -E ':443|:80' # REJECT rules send a RST — appears as "connection refused" to client # DROP rules silently discard — appears as timeout instead # UFW: ufw status verbose | grep 443

Common causes and fixes

Web server not running: The most common cause. Start the service:

systemctl start nginx && systemctl enable nginx # Or for Apache: systemctl start apache2 && systemctl enable apache2

Web server bound to wrong interface: nginx or Apache listening on 127.0.0.1 only (localhost), not on the public interface. Fix the listen directive:

# nginx — wrong: listen 127.0.0.1:443 ssl; # nginx — correct (all interfaces): listen 0.0.0.0:443 ssl; # or simply: listen 443 ssl;

Wrong port in the URL: The server is listening on a non-standard port (e.g., 8443 instead of 443). The URL must specify the port: https://example.com:8443/. Or configure the server to also listen on the standard port.

Firewall REJECT rule: A firewall rule is actively rejecting connections (sending TCP RST). Switch REJECT to DROP if silence is desired, or remove the rule if the port should be open:

# Remove iptables REJECT rule for port 443: iptables -D INPUT -p tcp --dport 443 -j REJECT # Add ACCEPT rule: iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Port conflict: Another service is running on port 443 and the web server failed to start because the port is already in use:

lsof -i :443 # Shows which process is using the port # Kill or reconfigure the conflicting process

ERR_CONNECTION_REFUSED vs related errors

ErrorTCP RST received?Cause
ERR_CONNECTION_REFUSEDYesNothing listening on port
ERR_CONNECTION_TIMED_OUTNo — timeoutHost unreachable or firewall DROP
ERR_NAME_NOT_RESOLVEDNot reachedDNS failed before TCP
Cloudflare 521Yes (to Cloudflare)Same as this error, seen via Cloudflare

Frequently asked questions

Why does my local dev server give ERR_CONNECTION_REFUSED?

The most common cause is the development server not running, or running on a different port than the URL specifies. Also check that the server is listening on 0.0.0.0 (all interfaces) rather than 127.0.0.1 only — 127.0.0.1 binds only to localhost and refuses connections from other machines on the network.

Can a VPN cause ERR_CONNECTION_REFUSED?

Yes. If a VPN routes traffic through a server that has a firewall REJECT rule for the target port, you see ERR_CONNECTION_REFUSED while on the VPN. Disconnecting the VPN uses a different route that may succeed. Test without VPN to determine if the VPN is the cause.

Is ERR_CONNECTION_REFUSED always a server problem?

Usually, yes. If the server is correctly configured and the port is open, the TCP SYN will be accepted and the three-way handshake will succeed. However, a firewall between client and server (at the ISP level, corporate proxy, or cloud security group) that sends a RST can also cause this error even if the server itself is healthy. Test from multiple networks to distinguish server-side from network-side causes.

How is this different from a 404 error?

ERR_CONNECTION_REFUSED happens before any HTTP communication — the TCP connection itself fails. A 404 Not Found is returned by the server after the TCP connection and TLS handshake succeed. They occur at completely different layers: TCP vs. HTTP.

Related guides

ERR_NAME_NOT_RESOLVED · Cloudflare 521 · Cloudflare 522 · HTTP 408 · Nginx 444

All Guides · Home