Web server errors often put users in a panic situation. And, when the error affects multiple websites, things go for a toss.
Apache not listening on port 443 is a typical error that happens after turning ON SSL on websites. This can happen due to many reasons like wrong Apache settings, firewall blocks and more.
At Bobcares, we often get requests from customers to fix Apache related errors as part of our Technical Support Services.
Today, we’ll see how Bobcares’ Engineers diagnose and fix Apache not listening on port 443 error.
Relevance of Apache port 443
By default, Apache uses port 80 for normal web traffic. But, when it has to deal with secure web transactions, it uses the port 443. This secure transaction works using the SSL certificate. When you go to a website which uses the link containing https:// at the beginning, you are connecting to port 443 of the web server. And for this to work, 443 port must be open on the server and Apache should listen on this port.
Data transferred across such https connections are highly resistant to eavesdropping.
In Apache, the Listen directive tells the server to accept incoming requests only on the specified ports. For example, to make the server accept connections on both port 80 and port 443, on all interfaces, we need to use:
Listen 80
Listen 443Or, if for security reasons, we need to restrict https connection on a specific IP, we set the Apache config directive as
Listen <IP>:443Here, we replace IP with the specific IP address of the server that need to handle secure traffic.
However, server will accept connection on port 443 only if inbound traffic is allowed via firewall too.
Reasons for Apache not listening on port 443
Apache not listening on port 443 is a common issue that we see while handling server. There could be several reasons for the error. Let’s check each of them in detail.
1. Wrong Apache configuration
Often issues with port 443 happen due to wrong entries in Apache configuration file. For example, some customers may add the ‘Listen‘ directive in the particular SSL include file at /etc/httpd/conf/extra/httpd-ssl.conf. But, may forget to activate the Include line in the main httpd.conf file. Thus, it may end up in port 443 connection failure.
Similarly, duplicate Listen statements, sites pointing to wrong IP address etc. also can create problems with secure websites. Again, the Apache configuration entries may be correct, but server will not have SSL module support. This again stops the working of SSL.
2. Port already in use
Yet another reason for port 443 failure is port used by some other service. In such cases, as the port 443 is already in use, Apache cannot start secure SSL connection.
3. Firewall blocks
Another common reason for Apache not listening on port 443 would be firewall. This could be the firewall that resides inside the server. Only when there are specific rules to accept connections, Apache would listen on port 443.
Moreover, network firewall also affect the port 443 connection. Certain organization may block several ports in their corporate firewall as part of tightening security. And, if port 443 is not allowed, users will have problems accessing websites using https:// link
Recently, when a customer reported problems with his secure websites, it was the Network Address Translation rules that created problems. The iptables NAT table had some rules redirecting traffic coming in on port 443 to a different port (8443). Unfortunately, nothing was listening on port 8443 and it resulted in website failure.
How we fix Apache port 443
We now know the probable reasons for port 443 failure. Now, let’s take a look at how our Support Engineers troubleshoot and fix the secure website connection.
1. Correcting Apache conf
As the first step, we check the Apache server configuration for typical errors. Recently, a customer reported the following error while trying Apache restart.
* Restarting web server apache2
(98)Address already in use: make_sock: could not bind to address [::]:443 [ OK ] On checking, we could see that there was an extra “Listen 443″ entry in /etc/apache2/ports.conf file. This was creating the conflict. After removing the duplicate entry followed by an Apache restart, the website started working fine.
2. Verifying services on port 443
When there do not exists any error with Apache configuration and still if port 443 connection fails, then we check for duplicate service listening on port 443 using:
netstat -ntupl | grep :443Here, it will show the services listening on port 443. Therefore, to fix, our Dedicated Engineers stop the duplicate service and do an Apache restart.
3. Fixing firewall
When having problems with port 443 connection, isolating firewall problems can be tricky. Here, we first check if the port is accessible within the server. For this, we use the command :
telnet localhost 443And, if the connection fails, most probably, the port 443 will not be open in the server firewall.
In servers using iptables, we use below command to open port 443.
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables save
service iptables restartAgain, when firewall programs like UFW was blocking port access, we had to execute “ufw allow 443” which fixed the underlying problem.
Additionally, if server listens correctly on port 443, it means that problem lies with the network firewall. This involves working with the server data center or modifying the network firewall settings too.
[Apache fails on port 443? We can make website secure access working.]
Conclusion
In short, the common reasons for Apache not listening on port 443 include wrong configuration settings, network firewall, etc. Today, we saw how our Support Engineers fix port 443 connection and make secure websites working again.
When installing httpd,the port 443 is being used.The ngix is installed.the port of http of httpd is changed from 80 to 8085 because of 443 that been used,the port of http is change to 444. Zabbix installed but need to be out by apache.https put not bu ngix.Ngix is used for dock container reverse proxy
Serve {
Listen 443Ssl;
Server_name wpress.example.com
Ssl_certificate/path/path.crt
Ssl_certificate_key/path.key
Location/{
Proxy_ pass http://192.168.20.21.8081
}
}
Hello Alma,
Looks like you have a custom configuration on your server. Our experts can help you further. We’ll be happy to talk to you on chat (click on the icon at right-bottom).
This website is no open please help me
Hello Sartaj,
We can help you in fixing the service unavailable error on your website. We’ll be happy to talk to you on chat (click on the icon at right-bottom).
SAME error when spacific page is open then 443 message error show on screen
Hi,
Please contact our support team via live chat
Hi, facing issue while accessing https://hservers.org/sapvt/
it is showing message
Forbidden
You don’t have permission to access this resource.
Apache/2.4.41 (Ubuntu) Server at hservers.org Port 443
please help me to sort out this
Hi Midhun,
Our Experts can help you with the issue, we’ll be happy to talk to you on chat (click on the icon at right-bottom).
Buenas tardes:
Active 443 y solo funciona si le pongo IP:443 en el virtual hosts, sin embrago al funcionar, me sale el siguiente mensaje y no me carga las imagenes como si no encontrara los directorios:
404 Page Not Found
Gracias
Hi,
Our Experts can help you with the issue, we’ll be happy to talk to you on chat (click on the icon at right-bottom).
Thank you soo much.
It was the ubuntu firewall that I missed. Forgot to open the SSL Port.
Can’t thank you enough.
Hi Karan,
Thanks for the feedback. We are glad to know that our article was helpful for you 🙂 .