Score:1

Apache server port 443 connection refused

Recently configured SSL on Apache 2.4/Ubuntu 20.04 hosted on Oracle Cloud and have been getting connection refused for https/port 443.

External device:

$ curl simpliassure.com:443
curl: (7) Failed to connect to simpliassure.com port 443: Connection refused

$ curl simpliassure.com
(normal html content loads)

$ nmap -p 443 132.145.100.143
Host is up (0.024s latency).
PORT    STATE  SERVICE
443/tcp closed https

ssh'd into server:

$ curl localhost
(normal html content loads)

$ curl localhost:443
(normal html content loads)

$ curl https://localhost
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

$ apachectl configtest
Syntax OK

$ sudo apache2ctl -S
VirtualHost configuration:
132.145.100.143:80     simpliassure.com (/etc/apache2/sites-enabled/default-ssl.conf:3)
132.145.100.143:443    simpliassure.com (/etc/apache2/sites-enabled/default-ssl.conf:14)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

$ ss -tupln
Netid  State   Recv-Q  Send-Q    Local Address:Port   Peer Address:Port Process 
udp    UNCONN  0       0               0.0.0.0:111         0.0.0.0:*            
udp    UNCONN  0       0         127.0.0.53%lo:53          0.0.0.0:*            
udp    UNCONN  0       0        10.0.0.29%ens3:68          0.0.0.0:*            
udp    UNCONN  0       0                  [::]:111            [::]:*            
tcp    LISTEN  0       4096            0.0.0.0:111         0.0.0.0:*            
tcp    LISTEN  0       4096      127.0.0.53%lo:53          0.0.0.0:*            
tcp    LISTEN  0       128             0.0.0.0:22          0.0.0.0:*            
tcp    LISTEN  0       4096               [::]:111            [::]:*            
tcp    LISTEN  0       511                   *:80                *:*            
tcp    LISTEN  0       128                [::]:22             [::]:*            
tcp    LISTEN  0       511                   *:443               *:* 

/etc/sites-available/default-ssl.conf is the only symlink under /etc/sites-enabled/default-ssl.conf

/etc/sites-available/default-ssl.conf:

<IfModule mod_ssl.c>
    <VirtualHost 132.145.100.143:80>
        ServerAdmin webmaster@localhost
        ServerName simpliassure.com

        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

    </VirtualHost>

    <VirtualHost 132.145.100.143:443>
        ServerAdmin webmaster@localhost
        ServerName simpliassure.com

        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        SSLCertificateFile /home/ubuntu/certificate_bundle/www.simpliassure.com.crt
        SSLCertificateKeyFile /home/ubuntu/certificate_bundle/www.simpliassure.com.key
        SSLCertificateChainFile /home/ubuntu/certificate_bundle/www.simpliassure.com_intermediate.crt

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>

/etc/apache2/ports.conf:

Listen 80
Listen 443

Ubuntu's ufw is inactive. Ran...

$ sudo ufw allow https
$ sudo a2enmod ssl
$ sudo a2enmod headers
$ sudo a2ensite default-ssl
$ sudo systemctl restart apache2

... with no luck.

Oracle Virtual Cloud Network Ingress Rules:

Any ideas?

vidarlo
Do you perhaps have a firewall that blocks incoming packets to port 443?
VictorMJ
Try to execute the curl inside the web server, using localhost: `curl https://localhost`. If that works for you, it means that your webserver is exposing port `443` correctly, and you have some kind of `firewall` at the network level that is `blocking` requests to `443` from outside.
Robbie Zhao
I'm using the free version of Oracle Cloud which doesn't come with firewall features. I've included the `traffic rules` and `curl localhost` results in my post. Interestingly `curl https://localhost` does not work but `curl localhost:443` works.
cn flag
It's odd that the curl works to port 443, but not via HTTPS. Curl will use HTTP by default, so that sounds to me like Apache is listening for HTTP on 443 but not HTTPS?
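
The distinction drawn in the comment above (a port that answers plain HTTP versus one that completes a TLS handshake versus one that refuses the connection) can be checked with a small probe. This is an added example, not part of the original thread; `classify_port`, `MEANING` and the verdict names are assumptions made for illustration.

```python
import socket
import ssl

# Verdict -> what it corresponds to in the outputs quoted in the question.
MEANING = {
    "refused": "TCP connection rejected, as in the external curl (7) error",
    "tls": "port completes a TLS handshake",
    "plain-http": "port answers unencrypted HTTP, as `curl localhost:443` did",
    "other": "port is open but speaks neither TLS nor HTTP",
    "unreachable": "no answer at all (timeout or routing error)",
}

def classify_port(host, port, timeout=3.0):
    """Classify what answers on host:port; returns a key of MEANING."""
    # Step 1: does the TCP connection succeed at all?
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    # Step 2: try a TLS handshake. Certificate validation is disabled on
    # purpose: this probe tests the protocol on the port, not the cert.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except OSError:  # ssl.SSLError is a subclass of OSError
        pass  # handshake failed: not a TLS endpoint
    # Step 3: reconnect and send a plain HTTP request instead.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\nHost: %b\r\n\r\n" % host.encode())
            reply = plain.recv(16)
    except OSError:
        return "other"
    return "plain-http" if reply.startswith(b"HTTP/") else "other"

if __name__ == "__main__":
    # Assumed target: the local machine; change host and port as needed.
    verdict = classify_port("127.0.0.1", 443)
    print(verdict, "-", MEANING[verdict])
```

Running it once from the server itself and once from an external machine separates a web-server configuration problem from a network filtering problem.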
Score:0

There's an error clearly on the curl, seems like there's something up with your cert. Check what hostname you assigned to the cert against the server. Also when conducting certs make sure you utilize subjectaltnames so it captures both the hostname, fqdn and if need be the ip depending on your needs.

Score:0

Run a "nmap -p 443 132.145.100.143" from outside to verify if the port is open/filtered. Check all the firewalls on the system, not only UFW.

Robbie Zhao
`nmap` port 443 gives that the port is closed. I posted what I think could be the only thing that blocks traffic, the Oracle VCN Ingress Rules. Do those look alright to you?
borcan22
If the port is closed I think the host is not running a web service.
Score:0
  1. Check your Oracle firewall; if port 443 was not opened, then open it.

  2. Check your ufw firewall; Run as root: ufw allow https
