Web server errors often send users into a panic, and things get worse when the error affects multiple websites.
Apache not listening on port 443 is a typical error that happens after turning on SSL on websites. This can happen for many reasons, such as wrong Apache settings, firewall blocks and more.
At 1onlyhost, we often get requests from customers to fix Apache-related errors as part of our Technical Support Services.
Today, we’ll see how 1onlyhost’s Engineers diagnose and fix the “Apache not listening on port 443” error.
Relevance of Apache port 443
By default, Apache uses port 80 for normal web traffic. But when it has to deal with secure web transactions, it uses port 443. This secure transaction works using the SSL certificate. When you go to a website using a link that begins with https://, you are connecting to port 443 of the web server. For this to work, port 443 must be open on the server and Apache must listen on this port.
Data transferred across such https connections are highly resistant to eavesdropping.
In Apache, the Listen directive tells the server to accept incoming requests only on the specified ports. For example, to make the server accept connections on both port 80 and port 443, on all interfaces, we need to use:
Listen 80
Listen 443
Or, if for security reasons we need to restrict https connections to a specific IP, we set the Apache config directive as:
Listen IP:443
Here, we replace IP with the specific IP address of the server that needs to handle secure traffic.
However, the server will accept connections on port 443 only if inbound traffic is allowed through the firewall too.
Reasons for Apache not listening on port 443
Apache not listening on port 443 is a common issue that we see while managing servers. There could be several reasons for the error. Let’s check each of them in detail.
1. Wrong Apache configuration
Issues with port 443 often happen due to wrong entries in the Apache configuration file. For example, some customers add the ‘Listen’ directive in the SSL include file at /etc/httpd/conf/extra/httpd-ssl.conf, but forget to activate the Include line in the main httpd.conf file. As a result, connections to port 443 fail.
Similarly, duplicate Listen statements, sites pointing to the wrong IP address and so on can also create problems with secure websites. In other cases, the Apache configuration entries are correct, but the server does not have SSL module support. This again stops SSL from working.
2. Port already in use
Yet another reason for port 443 failure is that the port is used by some other service. In such cases, as port 443 is already in use, Apache cannot bind to it and cannot serve SSL connections.
3. Firewall blocks
Another common reason for Apache not listening on port 443 is the firewall. This could be the firewall that runs on the server itself. Apache can accept connections on port 443 only when the firewall has specific rules to allow them.
Moreover, a network firewall can also affect port 443 connections. Certain organizations block several ports in their corporate firewall as part of tightening security. If port 443 is not allowed, users will have problems accessing websites using https:// links.
Recently, when a customer reported problems with his secure websites, it was the Network Address Translation rules that created problems. The iptables NAT table had some rules redirecting traffic coming in on port 443 to a different port (8443). Unfortunately, nothing was listening on port 8443 and it resulted in website failure.
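A check for the NAT case described above, as an added example that is not part of the original article: it cross-checks REDIRECT rules from `iptables -t nat -S` against the listening ports reported by `netstat -ntl`. The function name `check_redirects` and the sample files are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example: cross-check NAT REDIRECT rules against listening TCP ports.
# On a server, capture the inputs with:
#   iptables -t nat -S > nat.rules ; netstat -ntl > listeners.txt

# check_redirects NAT_RULES_FILE NETSTAT_FILE
# Prints "DPORT -> TOPORT STATUS" for every REDIRECT rule that names both ports.
check_redirects() {
    awk '
        NR == FNR {                                  # first file: netstat -ntl
            if ($6 == "LISTEN") { p = $4; sub(/^.*:/, "", p); listening[p] = 1 }
            next
        }
        /-j REDIRECT/ {                              # second file: NAT rules
            dport = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            if (dport != "" && to != "")
                print dport, "->", to, ((to in listening) ? "listener-present" : "NO-LISTENER")
        }' "$2" "$1"
}

# Constructed sample input modelled on the case above (443 redirected to 8443).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nat.rules" <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
EOF
cat > "$SAMPLE_DIR/listeners.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
EOF

check_redirects "$SAMPLE_DIR/nat.rules" "$SAMPLE_DIR/listeners.txt"
```

A NO-LISTENER line means traffic arriving on the first port is redirected to a port nothing is bound to, so either the rule or the missing service needs fixing.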
How we fix Apache port 443
We now know the probable reasons for port 443 failure. Now, let’s take a look at how our Support Engineers troubleshoot and fix the secure website connection.
1. Correcting Apache conf
As the first step, we check the Apache server configuration for typical errors. Recently, a customer reported the following error while trying to restart Apache.
* Restarting web server apache2
(98)Address already in use: make_sock: could not bind to address [::]:443 [ OK ]
On checking, we could see that there was an extra “Listen 443” entry in the /etc/apache2/ports.conf file. This was creating the conflict. After we removed the duplicate entry and restarted Apache, the website started working fine.
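A static scan for the configuration mistakes covered above (duplicate Listen entries and an SSL Include line left commented out), added here as an example and not taken from the original article. The function names and the sample files are hypothetical; the scan treats a bare port as "all interfaces" and does not evaluate `<IfModule>` blocks or follow Include lines.

```sh
#!/bin/sh
# Added example: static scan for the two configuration mistakes described above.
# It does not evaluate <IfModule> or follow Include; pass every file to check.

# list_listen_conflicts FILE...
# Prints "PORT: file:line ..." for each port two active Listen lines would bind.
list_listen_conflicts() {
    awk '
        /^[ \t]*#/ { next }                          # ignore commented lines
        tolower($1) == "listen" && NF >= 2 {
            port = $2; sub(/^.*:/, "", port)         # text after the last colon
            addr = ($2 == port) ? "*" : substr($2, 1, length($2) - length(port) - 1)
            where[port] = where[port] " " FILENAME ":" FNR
            total[port]++; same[port SUBSEP addr]++
            if (addr == "*") wild[port]++
        }
        END {
            for (p in total) {
                clash = (wild[p] > 0 && total[p] > 1)    # all interfaces plus another
                for (k in same) {
                    split(k, part, SUBSEP)
                    if (part[1] == p && same[k] > 1) clash = 1   # same address twice
                }
                if (clash) print p ":" where[p]
            }
        }' "$@" | sort
}

# list_disabled_includes FILE...
# Prints Include lines that are still commented out, as file:line:text.
list_disabled_includes() {
    grep -HnE '^[[:space:]]*#[[:space:]]*Include(Optional)?[[:space:]]' "$@"
}

# Constructed sample input (not taken from a real server).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'Listen 80' '<IfModule ssl_module>' '    Listen 443' \
    '</IfModule>' 'Listen 443' > "$SAMPLE_DIR/ports.conf"
printf '%s\n' 'ServerRoot "/etc/httpd"' '#Include conf/extra/httpd-ssl.conf' \
    > "$SAMPLE_DIR/httpd.conf"

list_listen_conflicts "$SAMPLE_DIR/ports.conf" "$SAMPLE_DIR/httpd.conf"
list_disabled_includes "$SAMPLE_DIR/httpd.conf"
```

On the sample files this reports port 443 declared at lines 3 and 5 of ports.conf, and the commented Include at line 2 of httpd.conf.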
2. Verifying services on port 443
When there is no error in the Apache configuration and connections to port 443 still fail, we check for a duplicate service listening on port 443 using:
netstat -ntupl | grep :443
This shows the services listening on port 443. To fix the problem, our Dedicated Engineers stop the duplicate service and restart Apache.
3. Fixing firewall
When there are problems with port 443 connections, isolating firewall problems can be tricky. Here, we first check whether the port is accessible from within the server. For this, we use the command:
telnet localhost 443
If the connection fails, port 443 is most probably not open in the server firewall.
On servers using iptables, we use the commands below to open port 443.
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables save
service iptables restart
Again, when a firewall program like UFW was blocking port access, we had to execute “ufw allow 443”, which fixed the underlying problem.
Additionally, if the server listens correctly on port 443, the problem lies with the network firewall. Fixing this involves working with the server’s data center or modifying the network firewall settings.
Conclusion
In short, the common reasons for Apache not listening on port 443 include wrong configuration settings, the network firewall, etc. Today, we saw how our Support Engineers fix port 443 connections and get secure websites working again.