Can't start IIS website on port 443, even though netstat shows nothing listening on 443
Solution 1
IIS doesn't allow you to start an HTTP (without an s) Site on port 443.
In your screenshot, in the 'Site Bindings' window, the type is http, which won't run.
Here what to do:
Create a self-signed certificate from IIS' wizard. (because IIS also doesn't allow you to open an HTTPS website without one) unless you use PowerShell command, which will end you up with the error of port 443 being in use.
'Add a Website' with the binding being 'https' and choose your self-signed certificate. screenshot detailing everything
Site runs perfectly!
Extra content for reference:
I had the same error. Same everything as you OP. But considering that IIS doesn't allow you to open a site on port 443 without a certificate, how was I able to create a site? I was using PowerShell command:
New-WebSite -Name my-website -Port 443 -HostHeader my-website -PhysicalPath "$env:systemdrive\inetpub\wwwroot\my-website"
Which creates you a Site but it doesn't start automatically and if you attempt to start it via PowerShell, you will get this error:
Start-WebSite : Cannot create a file when that file already exists. (Exception from HRESULT: 0x800700B7)
or if you start it manually through the IIS' GUI, you will get that error being 443 is in use which is completely false in reality.
Solution 2
Make sure to have the openssl installed on your server machine.
openssl s_client -connect loalhost:443
GET / HTTP/1.1
Host: localhost
Type enter twice and you will get the HTTP GET Response and you can find out the webpage listing on your local machine. Let me know if this helps. I have a different workaround as well.
Related videos on Youtube
03 : 56
00 : 29
02 : 03
08 : 25
08 : 35
snark
Updated on September 18, 2022Comments
-
snark almost 2 years
I have to bind my IIS website to port 443. No other port is allowed in my case. In IIS Manager I've bound Default Web Site to port 443:
But when I try to start the website it fails with:
However
netstat -anobshows nothing to be listening on port 443. TCPView from SysInternals and Windows Resource Monitor both agree with netstat.How can I find out what is listening on port 443 and stop it so I can run my website on 443?
I'm using IIS 8.5 on Windows Server 2012 R2.
Update on 30 Mar. 2016 It turns out that I could use a port other than 443 after all. So starting the website is no longer a problem for me. Sorry for wasting everyone's time; there was a communication error. But I'll leave this question open in case anyone else faces a similar problem. It might still be useful to know how to find out what's blocking IIS from starting on a particular port when netstat shows nothing is listening on that port.
-
SeanClt over 8 years443 is for https -
snark over 8 years@SeanClt: I know that's true by convention but does that stop it being used for http? As I said, I have to use 443.
-
SeanClt over 8 yearstry changing to https with 443 does it work?
-
snark over 8 yearsIIS doesn't let me change it from http. In the
Edit Site Bindingdialog the value for Type - http - is greyed out and no other options are available. -
Ramhound over 8 yearsWhy are you trying to use 443? Understand the reason you are attempting to run HTTP traffic on port 443 might assist in helping you solve this problem.
-
snark about 8 years@Ramhound: You are right. It turns out there was a miscommunication error between the IT security guys and me. I was under the impression I could only use 443 but I was wrong! I'll edit the question to reflect this...
-
Burgi about 8 years@snark can you post your solution as an answer?
-
snark about 8 years@Burgi I don't have a solution because it turns out I didn't have the problem I thought I had! But I'm leaving the question open in case other people do have to use port 443. For future reference this link might help - helpdesk.stone-ware.com/portal/helpcenter/articles/… (e.g.,
netsh http show urlacl).
-
-
snark over 8 yearsI'm not sure I understand this. Are you running all these commands in a telnet client session or from a command prompt? Can you add more details please. By 'enable telnet' do you mean enable the telnet server or client? And then are you trying to start an openssl client session with the telnet server and do a GET request? I'm guessing I'll have to install openssl from somewhere?
-
manjesh23 over 8 yearsModified the answer, -
snark over 8 yearsThanks. I installed the setup.exe from gnuwin32.sourceforge.net/packages/openssl.htm but the output from
openssl s_client -connect localhost:443wasLoading 'screen' into random state - done connect: Bad file descriptor connect:errno=10061 -
manjesh23 over 8 yearsThis should work. Google search the error.
-
snark over 8 yearsI have been googling of course:). But I've found nothing useful yet. All I've got from
openssl errstr 10061iserror:00010061:lib(0):func(16):reason(97)which is not very helpful. -
snark over 8 yearsI found
SSL_CTRL_SET_SIGALGSfor reason code 97 at github.com/openssl/openssl/blob/master/include/openssl/… but Google's not telling me much about what that means so far... -
snark over 6 yearsI'm accepting this as the answer - I think I was misled by the poor error message from IIS: "Another website may be using the same port", when really it was that you can't run an http website at 443; only https.
