Apache (and other services) work on localhost, but not IP address


Please check your Security Group on Amazon EC2 and, if there is no rule for port 443, add one.


Author: Rocky McNuts

Updated on September 18, 2022

Comments

  • Rocky McNuts
    Rocky McNuts almost 2 years

    My Apache server is working correctly on port 80.

    When I try to enable SSL on port 443, I can connect via localhost (telnet localhost 443) but not via IP address (telnet xxx.xxx.xxx.xxx 443).

    To figure out where the problem is, I took my default port 80 config and changed the references to port 443. Same result. Changed back to 80 and it works fine.

    Which leads me to think there's a firewall issue, not a config issue. But I have no firewall rules.

    Also, this site is working on a virtual machine with the same Linux version, 12.04 Precise 64-bit, under VirtualBox. When I tar the /etc/apache2 directory and put it on the Amazon EC2 instance, I get the behavior described: port 80 works, 443 only on localhost.

    I'm not an expert, but not a newbie. Stumped half the day, figured time to reach out, maybe others can help/benefit. Am I missing something simple, or is there something new I have to do to open up port 443?

    ports.conf:

    NameVirtualHost *:80
    Listen 80
    Listen 443
    

    default-ssl in sites-enabled

     <VirtualHost *:443>
       ServerName mysite.mydomain.com:443
     ... more irrelevant stuff
    

    Note: if I enable only default-ssl and just change 443 to 80, it works.

    So that made me think there was no Apache config issue, but some firewall issue. But I have no firewall enabled.

    ubuntu@ip-xx-xx-xx-xx:/etc/apache2/sites-enabled$ sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    

    nmap localhost vs. the IP address

     sudo nmap -sT -O -PN xx.xx.xx.xx
    
     Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-30 13:53 EDT
     Nmap scan report for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com (xx.xx.xx.xx)
     Host is up (0.0013s latency).
     Not shown: 996 filtered ports
     PORT     STATE  SERVICE
     22/tcp   open   ssh
     25/tcp   closed smtp
     80/tcp   open   http
     3306/tcp closed mysql
     Device type: general purpose
     Running (JUST GUESSING) : Linux 2.6.X (85%)
     Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (85%)
     No exact OS matches for host (test conditions non-ideal).
    
     OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
     Nmap done: 1 IP address (1 host up) scanned in 9.56 seconds
     ubuntu@ip-10-68-23-145:/etc/apache2/sites-enabled$ sudo nmap -sT -O -PN localhost
    

    nmap localhost

     Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-30 13:53 EDT
     Nmap scan report for localhost (127.0.0.1)
     Host is up (0.000047s latency).
     Not shown: 995 closed ports
     PORT     STATE SERVICE
     22/tcp   open  ssh
     80/tcp   open  http
     443/tcp  open  https
     3306/tcp open  mysql
     9418/tcp open  git
     No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
     TCP/IP fingerprint:
     OS:SCAN(V=5.21%D=7/30%OT=22%CT=1%CU=42076%PV=N%DS=0%DC=L%G=Y%TM=51F7FD9D%P=
     OS:x86_64-unknown-linux-gnu)SEQ(SP=FD%GCD=1%ISR=10E%TI=Z%CI=Z%II=I%TS=8)OPS
     OS:(O1=M400CST11NW5%O2=M400CST11NW5%O3=M400CNNT11NW5%O4=M400CST11NW5%O5=M40
     OS:0CST11NW5%O6=M400CST11)WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=80
     OS:00)ECN(R=Y%DF=Y%T=40%W=8018%O=M400CNNSNW5%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A
     OS:=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%
     OS:Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=
     OS:A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=
     OS:Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%
     OS:T=40%CD=S)
    
     Network Distance: 0 hops
    
     OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
     Nmap done: 1 IP address (1 host up) scanned in 12.70 seconds
    
    
    
    lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 12.04.2 LTS
    Release:    12.04
    Codename:   precise
    
  • Rocky McNuts
    Rocky McNuts almost 11 years
    Well, I opened up port 443 to all, no luck. I had everything open to all machines in the security group. Also everything open to my remote IP. Still, if I telnet localhost 443 it works; if I telnet <ip address> 443 from the local machine (which is in the same security group as itself, so you wouldn't expect it to be blocked) or from a remote machine, it times out. Port 80 works in all cases, and as far as I can see they are set up identically. I also added a NameVirtualHost directive to ports.conf so it would be the same as port 80.
  • Rocky McNuts
    Rocky McNuts almost 11 years
    Made ports.conf identical for port 80 and port 443. NameVirtualHost *:80 Listen 80 NameVirtualHost *:443 Listen 443
  • Rocky McNuts
    Rocky McNuts almost 11 years
    Argh... you're right, I'm wrong. The server was not in the security group it was supposed to be (test v prod), so the changes I made before had no effect. The behavior I see is: if I don't open the port in the firewall, I can telnet from the server to localhost or the internal IP, but not the elastic IP. This is even though there is a rule that all servers in the same security group should have all access. Took me a while, but many thanks for the right answer on the first try!
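
The check that the answer and the last comment arrive at, as an added example that is not part of the original thread: for the security groups actually attached to an instance, does any CIDR rule admit TCP 443, and does a matching rule exist only in a group the instance is not in? The data follows the JSON shape of aws ec2 describe-instances and describe-security-groups; the instance ID, group IDs and addresses are constructed, and group-reference rules (UserIdGroupPairs) are not evaluated.

```python
import ipaddress

# Constructed sample data in the shape returned by `aws ec2 describe-instances`
# and `aws ec2 describe-security-groups`; all IDs and addresses are made up.
INSTANCE = {"InstanceId": "i-EXAMPLE", "SecurityGroups": [{"GroupId": "sg-test"}]}
GROUPS = {
    "sg-test": [  # group the instance is really attached to
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "sg-prod": [  # group that was edited by mistake
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def rule_allows(rule, port, source_ip):
    """True if one inbound rule admits TCP `port` from `source_ip` via a CIDR range."""
    proto = rule["IpProtocol"]
    if proto not in ("tcp", "-1"):          # "-1" means all protocols, all ports
        return False
    if proto == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    src = ipaddress.ip_address(source_ip)
    # Only CIDR sources are evaluated; group-reference rules (UserIdGroupPairs) are skipped.
    return any(src in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", []))


def allowing_groups(instance, groups, port, source_ip):
    """IDs of the groups attached to the instance that admit the connection."""
    attached = [g["GroupId"] for g in instance["SecurityGroups"]]
    return [gid for gid in attached
            if any(rule_allows(r, port, source_ip) for r in groups.get(gid, []))]


def misplaced_rules(instance, groups, port, source_ip):
    """Groups that admit the connection but are NOT attached to the instance."""
    attached = {g["GroupId"] for g in instance["SecurityGroups"]}
    return [gid for gid, rules in groups.items()
            if gid not in attached and any(rule_allows(r, port, source_ip) for r in rules)]


if __name__ == "__main__":
    for port in (80, 443):
        print(port, "attached groups allowing it:", allowing_groups(INSTANCE, GROUPS, port, "203.0.113.7"),
              "| unattached groups with a matching rule:", misplaced_rules(INSTANCE, GROUPS, port, "203.0.113.7"))
```

An empty first list together with a non-empty second list for port 443 is the situation described in the last comment: the rule exists, but in a group the server does not belong to.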