Nginx HTTPS connection to port 443 refused
Your config file is in the directory sites-available, but your nginx config includes files from sites-enabled. You either have to move your file to the correct directory, or, if you prefer the Debian way, create a symlink to your config file in sites-enabled. Then restart or reload nginx.
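A check for the situation this answer describes, as an added example that is not part of the original answer: it lists files in sites-available that declare a 443 listener but are not reachable through sites-enabled, so nginx never loads them. The function name and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# unlinked_tls_sites AVAILABLE_DIR ENABLED_DIR
# Prints the name of every file in AVAILABLE_DIR that has an active
# "listen ...443" directive but no entry in ENABLED_DIR resolving to it.
unlinked_tls_sites() {
    avail=$1
    enabled=$2
    for conf in "$avail"/*; do
        [ -f "$conf" ] || continue
        # Match uncommented listeners such as "listen 443 ssl;" or
        # "listen [::]:443 ssl;", but not 4430 or 8443.
        grep -Eq '^[[:space:]]*listen[[:space:]]+([^;#]*:)?443([[:space:];])' "$conf" || continue
        linked=no
        for entry in "$enabled"/*; do
            # -ef is true when both paths resolve to the same file,
            # which covers symlinks and hard links.
            if [ -e "$entry" ] && [ "$entry" -ef "$conf" ]; then
                linked=yes
                break
            fi
        done
        [ "$linked" = yes ] || basename "$conf"
    done
}

# Constructed demo tree: one enabled HTTP site and one TLS site that
# was written to sites-available but never linked.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/sites-available" "$t/sites-enabled"
    printf 'server {\n    listen 80;\n}\n' > "$t/sites-available/default"
    printf 'server {\n    listen 443 default_server ssl;\n    listen [::]:443 default_server ssl;\n}\n' \
        > "$t/sites-available/my_domain"
    ln -s "$t/sites-available/default" "$t/sites-enabled/default"
    echo "before: $(unlinked_tls_sites "$t/sites-available" "$t/sites-enabled")"
    # The fix from the answer: link the vhost into sites-enabled.
    ln -s "$t/sites-available/my_domain" "$t/sites-enabled/my_domain"
    echo "after: $(unlinked_tls_sites "$t/sites-available" "$t/sites-enabled")"
    rm -rf "$t"
}

demo
```

On a live host, `nginx -T` prints the configuration the binary actually parsed, which also shows whether the sites-enabled include and the 443 server block were loaded at all.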
Bencc
Updated on September 18, 2022
-
Bencc over 1 year
So I've set up LetsEncrypt on my Nginx server but cannot connect over https. If I run
curl https://my.domain.com
Then I get the error
curl: (7) Failed to connect to my.domain.com port 443: Connection refused
So for some reason my Nginx server is not listening on port 443. If I run 'sudo netstat -anltp' then I can definitely see this
tcp   0  0  0.0.0.0:4747          0.0.0.0:*              LISTEN       16145/sshd
tcp   0  0  0.0.0.0:111           0.0.0.0:*              LISTEN       155/rpcbind
tcp   0  0  0.0.0.0:80            0.0.0.0:*              LISTEN       15413/nginx: master
tcp   0  0  0.0.0.0:25            0.0.0.0:*              LISTEN       507/master
tcp   0  0  168.235.68.234:4747   204.148.137.74:10163   ESTABLISHED  17096/0
tcp6  0  0  :::4747               :::*                   LISTEN       16145/sshd
tcp6  0  0  :::111                :::*                   LISTEN       155/rpcbind
tcp6  0  0  :::80                 :::*                   LISTEN       15413/nginx: master
tcp6  0  0  :::25                 :::*                   LISTEN       507/master
My sites-available config file:
server {
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    root /var/www/my_domain/html/;
    index index.html index.htm index.php;
    server_name my.domain.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/my_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my_domain.com/privkey.pem;
    location / {
        root /var/www/my_domain.com/html/;
        index index.html index.php;
    }
    location /robots.txt/ {
        root /var/www/my_domain.com/html/robots.txt;
    }
    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
    }
}
My nginx.conf:
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
load_module /etc/nginx/modules/ngx_http_fancyindex_module.so;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    include /etc/nginx/sites-enabled/*;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    # HTTPS server
    #
    #server {
        #listen 443 ssl;
        #server_name localhost;
        #ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;
        #ssl_session_cache shared:SSL:1m;
        #ssl_session_timeout 5m;
        #ssl_ciphers HIGH:!aNULL:!MD5;
        #ssl_prefer_server_ciphers on;
        #location / {
            #root html;
            #index index.html index.htm;
        #}
    #}
}
My UFW status:
To          Action  From
--          ------  ----
22          DENY    Anywhere
4747        DENY    Anywhere
80          ALLOW   Anywhere
443         ALLOW   Anywhere
22 (v6)     DENY    Anywhere (v6)
4747 (v6)   DENY    Anywhere (v6)
80 (v6)     ALLOW   Anywhere (v6)
443 (v6)    ALLOW   Anywhere (v6)
Hopefully my two conf files aren't too much of a mess. If anyone has any ideas on why port 443 is being rejected I'd appreciate it. I thought maybe it might have something to do with the location of my .key files but wasn't sure on that. Also running 'nginx -t' works with no errors.
Also yes, I'm aware that this post, "NGINX won't listen on port 443", exists, but it was voted 'off topic' because the creator abandoned the post and so no solution was ever found.
-
user9517 over 6 years
Are there any relevant messages in your logs?
-
Michael Hampton over 6 years
It's Debian-based. Did you link the sites-available conf to sites-enabled?
-
Bencc over 6 years
No, no relevant messages in my error log. And yes, the link is working. I'm able to connect fine to http:// my.domain.com and everything works as it should but https:// my.domain.com comes up with a 'connection refused' error, so I at least know that all the basic settings and configs are working. It's something specifically to do with https / port 443.
-
user9517 over 6 years
Then you need to solve the log issue first. In my experience, nginx is pretty good at letting you know if there is a problem.
-
user9517 over 6 years
Allegedly it's not running without error on port 443.
-
Bencc over 6 years
Could this be a problem with my nginx.conf located in /usr/local/nginx/conf/ ? I linked the contents above and noticed that there is a server block for http that listens on 80 but no similar server block for https that listens on 443? There is a fully commented out section at the bottom of my nginx.conf file that suggests an https server block, I'm going to edit the main post to include it, could not having that be why my server isn't listening on 443?
-
user9517 over 6 years
The 3rd comment seems to answer this serverfault.com/questions/886087/…
-
Bencc over 6 years
Yeah, I already have a symlink between the config file in /sites-available/ and /sites-enabled/. As I said, the server and web page work perfectly over http connection, but nothing works at all over https or port 443 in general, which is what led me to believe that it is not open or being listened on for some reason that I have yet to uncover.