SSL installed on Apache2 but HTTPS not working


Solution 1

In httpd-ssl.conf, do you have Listen 443?

If not, try adding that, and restarting apache.

Solution 2

First check if mod_ssl is enabled. If not, enable it by running a2enmod ssl. Then check if Apache is listening on port 443 for https. Then check if the firewall is not blocking port 443.

Solution 3

If anyone else finds this and is using Amazon Lightsail (like me), you have to use their web UI to explicitly open port 443.

I spent hours poring over my server config files before I discovered that :/

Solution 4

In httpd.conf the following is disabled by default:

# Secure (SSL/TLS) connections
# Include conf/extra/httpd-ssl.conf    

Simply remove the # from the Include and restart Apache.

Solution 5

If you can connect locally (e.g. with telnet localhost 443 as mti suggests), check if the firewall is configured properly.

In my case, ufw was blocking everything, so I had to ufw allow 443 which fixed the underlying problem to the same symptom.
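
The checks from the answers above (an active Listen 443 directive, a listener bound on the host, and reachability from outside) combined into one triage script. This is an added example, not code from any of the answers; the function names and sample inputs are constructed for illustration, and it assumes the ss tool from iproute2 for the socket listing.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): decide whether "HTTPS not working"
# is an Apache problem or a firewall problem, using the checks discussed above.

# Reads Apache config text on stdin; succeeds if an uncommented Listen
# directive binds port 443 (e.g. "Listen 443", "Listen 0.0.0.0:443 https").
has_listen_443() {
  grep -Eiq '^[[:space:]]*Listen[[:space:]]+([^#[:space:]]*:)?443([[:space:]]|$)'
}

# Reads `ss -ltn` output on stdin; succeeds if a TCP socket listens on 443.
listening_on_443() {
  awk '$1 == "LISTEN" && $4 ~ /:443$/ { found = 1 } END { exit !found }'
}

# diagnose DIRECTIVE LOCAL REMOTE  (each "yes" or "no")
#   DIRECTIVE: has_listen_443 succeeded on the config
#   LOCAL:     a listener on 443 exists on the host itself (loopback test)
#   REMOTE:    a connection to 443 from another machine succeeded
diagnose() {
  if [ "$2" = no ] && [ "$1" = no ]; then
    echo "apache: no active Listen 443 (check ports.conf / ssl.conf Include)"
  elif [ "$2" = no ]; then
    echo "apache: Listen 443 configured but not bound (mod_ssl enabled? restarted?)"
  elif [ "$3" = no ]; then
    echo "firewall: open 443 in ufw/iptables and the cloud provider's rules"
  else
    echo "ok: 443 reachable"
  fi
}

# Constructed sample config: the Include is still commented out.
SAMPLE_CONF='Listen 80
# Listen 443
#Include conf/extra/httpd-ssl.conf'

# Constructed sample `ss -ltn` output: 80 and 8443 are bound, 443 is not.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:8443       0.0.0.0:*'

# Turn a command's exit status into "yes"/"no" for diagnose.
yesno() { if "$@"; then echo yes; else echo no; fi; }

directive=$(printf '%s\n' "$SAMPLE_CONF" | yesno has_listen_443)
local_up=$(printf '%s\n' "$SAMPLE_SS" | yesno listening_on_443)
diagnose "$directive" "$local_up" no
```

On a real Debian/Ubuntu host, feed the functions live data instead of the samples, for example `cat /etc/apache2/ports.conf | has_listen_443` and `ss -ltn | listening_on_443`.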

Author: rocketas

Updated on October 30, 2020

Comments

  • rocketas
    rocketas over 3 years

    I recently installed an SSL certificate on my Amazon EC2 Ubuntu 12.04(32bit) server running Apache 2.

    When I attempt to access my site via https, it does not load. When I perform an nmap scan, I see that port 443 is not open.

    I tried to open port 443 in my ip tables to no avail. iptables -L yields

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
    

    Here's how I installed ssl

    I modified /etc/init.d/apache2.conf to include ssl.conf and modified ssl.conf to include the requisite paths of my certificate files, i.e.

    SSLCertificateFile /path/file
    SSLCertificateKeyFile /path/file
    SSLCertificateChainFile /path/file

    I configured my security group to allow inbound requests from port 443 (TCP source:0.0.0.0/0)

    When I perform the following test with php

    if (!extension_loaded('openssl')) 
    {
      echo "not loaded";
    }
    else
    {
      echo "loaded";
    }
    

    I get "loaded".

    Any ideas?

    • mti2935
      mti2935 almost 11 years
      What happens when you try opening a telnet connection from a remote machine to your server on port 443? Does it connect? If so, then you can rule out a firewall or routing problem, or a problem with iptables. I would also be curious if your apache logs are showing anything interesting.
    • rocketas
      rocketas almost 11 years
      telnet to 443 returns "Connection Refused". Nothing is appended to apache logs when I attempt to access mydomain.net
    • mti2935
      mti2935 almost 11 years
      Interesting. How about if you try a loopback connection, from the host itself, on port 443? In other words, telnet localhost 443. Does that connect? I'm trying to isolate whether this is an apache issue or a networking / firewall issue.
    • rocketas
      rocketas almost 11 years
      Ahh looks like an apache issue. Thanks
  • rocketas
    rocketas almost 11 years
    I did not. While I'm using apache2.conf(ubuntu thing?) to load an external ssl.conf, I did not have this directive anywhere. Adding it directly to my apache conf and reconfiguring virtual host directive / mod_ssl.so include resolved things. Thanks
  • AlexMA
    AlexMA about 10 years
    Thanks, this idea helped us figure out our issue. For us it was the corporate firewall though, so people should consider that as well.
  • Travis
    Travis over 9 years
    iptables -F will delete all your firewall rules. Not a good idea. ipset.netfilter.org/iptables.man.html
  • haakym
    haakym almost 8 years
    I'm probably going to leave on work time now thanks to this. Thank you.
  • CodeMouse92
    CodeMouse92 almost 8 years
    This worked for me as well, only I had to modify "ports.conf"
  • Bakhshi
    Bakhshi almost 8 years
    in apache 2.4 the file is ports.conf
  • me_
    me_ about 7 years
    @Bakhshi--that depends on your distribution of apache, your platform, and the default configuration... xampp distributes apache 2.4.* on windows with the ssl settings in httpd-ssl.conf, and port 443 is enabled by default... the virtual host section in this file needs some alteration to point to a specific domain, but it's not in ports.conf
  • Arunabh Das
    Arunabh Das almost 6 years
    Me too. Please check your Inbound firewall ports, 443 in this case.
  • Sunday Ikpe
    Sunday Ikpe almost 6 years
    You could make it the first line of your conf file, outside the tags, always works
  • Sukumar Gorai
    Sukumar Gorai over 5 years
    Thanks bro, You saved me.
  • MeMReS
    MeMReS over 5 years
    Thanks, spent an hour trying to figure this out and all along the problem was ports.conf
  • The Doctor
    The Doctor over 3 years
    You're a lifesaver
  • Stefano
    Stefano about 3 years
    Thank you, this was the hint for me. I had an EC2 instance linked to a Security Group with no inbound rule for HTTPS (443).
  • Denimar Fernandez
    Denimar Fernandez almost 3 years
    Thank you! Totally missed this one
  • John Hon
    John Hon almost 3 years
    if anyone is on oracle cloud, same thing!
  • doweio
    doweio about 2 years
    This was exactly the issue I was having. I think the NAT rules were in place to service a VM running on my server, although as that has its own (bridged) IP those rules are not necessary.