Failed to connect to test.bitpay.com port 443: Connection refused

[auzair92]

I am facing a 'Connection refused' error while attempting token pairing (STEP 3 in this guide). It returns following error:

Fatal error: Uncaught exception 'Bitpay\Client\ConnectionException' with message 'Failed to connect to test.bitpay.com port 443: Connection refused' in C:\Dev\XAMPP5\htdocs\bitpay\vendor\bitpay\php-client\src\Bitpay\Client\Adapter\CurlAdapter.php:77 Stack trace: #0 C:\Dev\XAMPP5\htdocs\bitpay\vendor\bitpay\php-client\src\Bitpay\Client\Client.php(623): Bitpay\Client\Adapter\CurlAdapter->sendRequest(Object(Bitpay\Client\Request)) #1 C:\Dev\XAMPP5\htdocs\bitpay\vendor\bitpay\php-client\src\Bitpay\Client\Client.php(528): Bitpay\Client\Client->sendRequest(Object(Bitpay\Client\Request)) #2 C:\Dev\XAMPP5\htdocs\bitpay\index.php(53): Bitpay\Client\Client->createToken(Array) #3 {main} thrown in C:\Dev\XAMPP5\htdocs\bitpay\vendor\bitpay\php-client\src\Bitpay\Client\Adapter\CurlAdapter.php on line 77

I am working behind a corporate proxy, and have tried using CNTLM to bypass it, but still no joy. I would appreciate if someone could guide me if there is a way to get around this, like directing from HTTPS to HTTP, or some other bypassing mechanism.

Dev environment: Windows 10, XAMPP with PHP v5.6

[pieterpoorthuis]

Can you find out where the connection is refused? E.g by your corporate proxy, by cloudflare or by BitPay? If you have curl command line, you can test by running: curl https://test.bitpay.com/rates/

[auzair92]

Simple command curl https://test.bitpay.com/rates/ in CMD results in:

curl: (7) Failed to connect to test.bitpay.com port 443: Connection refused

But I can access this URL directly in browser, and see the JSON response. Also, when I set the CURLOPT_PROXY parameter to CNTLM's NoProxy address in a PHP script and use the same URL, then curl command works and returns valid JSON object.

Seeing this, I tried setting the CURL proxy in CurlAdapter.php to the same CNTLM NoProxy address using:

array( CURLOPT_POST => 1, CURLOPT_POSTFIELDS => $request->getBody(), CURLOPT_PROXY => '127.0.0.1:53128') ...

But then it results in a blank response in the browser:

Token obtained:

and nothing else. Could you help me isolate where the issue is? What other tests can I run to see what goes wrong?

[pieterpoorthuis]

Can you get some verbose info using curl: curl -vvv https://test.bitpay.com/rates

[auzair92]

Result without --proxy option:

curl -vvv https://test.bitpay.com/rates
*   Trying 104.17.67.20...
* TCP_NODELAY set
* connect to 104.17.67.20 port 443 failed: Connection refused
*   Trying 104.17.68.20...
* TCP_NODELAY set
* connect to 104.17.68.20 port 443 failed: Connection refused
*   Trying 104.17.67.20...
* TCP_NODELAY set
* connect to 104.17.67.20 port 443 failed: Connection refused
*   Trying 104.17.68.20...
* TCP_NODELAY set
* connect to 104.17.68.20 port 443 failed: Connection refused
* Failed to connect to test.bitpay.com port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to test.bitpay.com port 443: Connection refused

Result of curl command with proxy option (set to CNTLM's NoProxy address):

curl -vvv https://test.bitpay.com/rates --proxy 127.0.0.1:53128
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 53128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to test.bitpay.com:443
> CONNECT test.bitpay.com:443 HTTP/1.1
> Host: test.bitpay.com:443
> User-Agent: curl/7.59.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Via: 1.1 GW-SRVISB
< Connection: Keep-Alive
< Proxy-Connection: Keep-Alive
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* schannel: SSL/TLS connection with test.bitpay.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 180 bytes...
* schannel: sent initial handshake data: sent 180 bytes
* schannel: SSL/TLS connection with test.bitpay.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* CONNECT phase completed!
* CONNECT phase completed!
* schannel: SSL/TLS connection with test.bitpay.com port 443 (step 2/3)
* schannel: encrypted data got 3442
* schannel: encrypted data buffer: offset 3442 length 4096
* schannel: sending next handshake data: sending 93 bytes...
* schannel: SSL/TLS connection with test.bitpay.com port 443 (step 2/3)
* schannel: encrypted data got 258
* schannel: encrypted data buffer: offset 258 length 4096
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with test.bitpay.com port 443 (step 3/3)
* schannel: stored credential handle in session cache
> GET /rates HTTP/1.1
> Host: test.bitpay.com
> User-Agent: curl/7.59.0
> Accept: */*
>
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 10772
* schannel: encrypted data buffer: offset 10772 length 103424
* schannel: decrypted data length: 1369
* schannel: decrypted data added: 1369
* schannel: decrypted data cached: offset 1369 length 102400
* schannel: encrypted data length: 9374
* schannel: encrypted data cached: offset 9374 length 103424
* schannel: decrypted data length: 1369
* schannel: decrypted data added: 1369
* schannel: decrypted data cached: offset 2738 length 102400
* schannel: encrypted data length: 7976
* schannel: encrypted data cached: offset 7976 length 103424
* schannel: decrypted data length: 1369
* schannel: decrypted data added: 1369
* schannel: decrypted data cached: offset 4107 length 102400
* schannel: encrypted data length: 6578
* schannel: encrypted data cached: offset 6578 length 103424
* schannel: decrypted data length: 1369
* schannel: decrypted data added: 1369
* schannel: decrypted data cached: offset 5476 length 102400
* schannel: encrypted data length: 5180
* schannel: encrypted data cached: offset 5180 length 103424
* schannel: decrypted data length: 1369
* schannel: decrypted data added: 1369
* schannel: decrypted data cached: offset 6845 length 102400
* schannel: encrypted data length: 3782
* schannel: encrypted data cached: offset 3782 length 103424
* schannel: decrypted data length: 1369
* schannel: decrypted data added: 1369
* schannel: decrypted data cached: offset 8214 length 102400
* schannel: encrypted data length: 2384
* schannel: encrypted data cached: offset 2384 length 103424
* schannel: decrypted data length: 1369
* schannel: decrypted data added: 1369
* schannel: decrypted data cached: offset 9583 length 102400
* schannel: encrypted data length: 986
* schannel: encrypted data cached: offset 986 length 103424
* schannel: decrypted data length: 957
* schannel: decrypted data added: 957
* schannel: decrypted data cached: offset 10540 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 10540 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 10540
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 200 OK
< Date: Fri, 23 Mar 2018 10:35:12 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 9596
< Connection: keep-alive
< Set-Cookie: __cfduid=df4cc0e39cb247f414578411499c63f481521801311; expires=Sat, 23-Mar-19 10:35:11 GMT; path=/; domain=.bitpay.com; HttpOnly
< Strict-Transport-Security: max-age=31536000
< X-Download-Options: noopen
< X-Content-Type-Options: nosniff
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
< Access-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-Requested-With,Cache-Control,X-Accept-Version,x-signature,x-pubkey,x-identity,cf-connecting-ip
< Cache-Control: public, max-age=60, s-maxage=60
< Expires: Fri, 23 Mar 2018 10:36:12 GMT
< ETag: W/"257c-xVphto0ydGonPjBtaWabv5aIfxg"
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 40003ff5aa186ffc-SIN
<
{"data" ... [Response data continues] ... }* Connection #0 to host 127.0.0.1 left intact

[pieterpoorthuis]

Unfortunately I have no experience with configuring corporate proxies in CURL. Can you get a system engineer from your company to help you?

[auzair92]

Sure, I was able to sort this out by using a privileged (proxy-free) system. Thank you for your help!