Bitcoin Forum

I have a bitcoind daemon running on one server and trying to connect it from another one for the last couple of days but always i get connection time out error.
Here is the stuff i've excluded so far, please help me to see what angle i'm missing :)

- the client server IP is added both in host server firewall whitelist and bitcoin.conf file (rpcallowip=)
- both ports 8332 and 8333 are allowed in the host server firewall and i can see the bitcoind listening to them (netstat -lnp)
- it's not localost connection so https is a must as i understood from the docs. I'm using self generated certificates, here are the settings used
rpcssl=1
rpcsslcertificatechainfile=cs.crt
rpcsslprivatekeyfile=cs.key

cs.csr and cs.pem files were generated as well but i suppose the above 2 are the ones i need set?
anway all 4 are in both .bitcoin and bitcoin dirs (i suppose it looks in ".bitcoin" only dir? but wanted to make sure)


- the only onther settings i have in the conf file are:
server=1
rpcuser=someuserhere
rpcpassword=somepasshere

everything else is default


so where else i should look?

Are you using PHP to connect?

Are you using verify_peer in the rpc call?
https://en.bitcoin.it/wiki/Enabling_SSL_on_original_client_daemon

ah i might have generated the certs wrong since i used something different than the one described in the wiki :)
I'm using php and also the cert on the other side, lets see if it works now.
Thank you guys!

nope, doesn't work with the new certs

The bitcoind doesn't respond to client server requests.
And I get this:
"Fatal error: Uncaught BitcoinClientException:

• : CURL error: couldn't connect to host thrown in on line 0"

hm no ideas what else to look... :(

what else tends to give problems when connecting between servers?

were you able to connect without ssl?

Stop bitcoind
change rpcssl=1 to rpcssl=0
restart bitcoind and try to start.



If you can connect it is probably and issue with verify_peer in rpc.

I know user kjj is a pretty sharp programer.  maybe you could ping him.

please keep us posted.

I do all of my stuff on the same server as bitcoind, so I've never needed SSL.  I saw this thread and decided to try it out, but so far I have been too busy.

I know that SSL problems can be painful to diagnose.  Clients in particular are notoriously bad about reporting errors.  Usually you don't get much more than "it didn't work".

The good news is that you might not have a SSL problem at all.  Timeout suggests a different problem.  Double check that your -rpcallowip is right, then double check your firewall, and finally, use nmap and/or telnet to verify that the computers are able to connect.

Also, as BCB suggested, try it without SSL.  If I'm right about the connection problem, it won't work with -rpcssl=0 either.

I haven't tried without SSL because the wiki says that for non-localhost connections ssl is the only option?


the  openssl s_client -connect localhost:8332 command outputs fine btw, again according to the wiki

so it works locally, just for some reason can't get to it

the allowed ip i checked like 10 times, and it's also for sure allowed in the firewall, together with both ports 8332 and 8333 just in case

basically i'm out of ideas guys :(
what else might be wrong?


p.s.
has anyone made between server connections work without ssl? (not that i would like to run it like that)

You need to do the check from the remote end, not localhost.  Most likely your firewall isn't really open on that port, but possibly other things.  Try using -bind=your_IP_address too.

yes i know, but the checks from the other side don't work, i just know that it's setup fine on the host server because of this.

do u mean to use the bind in the shell on the host server? what's your idea?

I'm saying that you need to do some checks at a lower level.  Use nmap from the client side to see if you can get any reply from the server.  If it reports the port closed, you need to figure out why.  Likely reasons are that your firewall isn't really allowing the traffic in, or possibly that bitcoind is binding to the RPC port on 127.0.0.1 instead of 0.0.0.0.

unfortunately i dont have shell access from the client server.
the php script is giving this error now though:
Fatal error: Uncaught BitcoinClientException:

• : CURL error: couldn't connect to host thrown in on line 0

btw are you guys using line like this in the bitcoin.conf:
rpcsslciphers=TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH

or just left it out and it uses the same by default?

Hmm.  Well, if you have a different box that you can test from, open that one in your firewall, and set that in your rpcallowip line.

Also, on the server, check "netstat -nap | grep bitcoin | grep LISTEN".  Look for a line similar to one of these:


The pairs are IPv4 and IPv6 versions of the same thing.  The first pair shows bitcoind has bound to every interface.  The second pair shows bitcoind bound only to localhost.  For remote connections, you need it to bind to every interface.

i had the host server support double check for me, the ip is whitelisted and they can connect on those ports
the netstat gives

so i suppose we are good here

the only think that i can figure out now is if the client host for some reason is forbidding the outgoing ssl connections, for which i'm waiting them to answer now
and also the host server to tell me if there are attempts to connect from the client host ip
i don't see why the client host might be doing that, but what else we have left?