Web Server issues are generally frustration and can disrupt the functioning of your Website.
When Apache is not listening on Port 443, the website will not work and this occurs after turning ON SSL on websites.
Different reasons can trigger this error including Incorrect Apache settings, firewall blocks and others.
Here at Ibmi Media, as part of our Technical Support Services, we regularly help our Customers to fix Apache related errors.
In this context, we will look into how to troubleshoot and solve Apache not listening on port 443 error.
Importance of Apache port 443?
Apache web Server uses port 80 by default to allow web traffic. But for handling secure communications, it has to use port 443. For this to work, then you need to have a valid SSL Certificate.
Basically, when you visit a website via this URL https://, this will establish a connection via port 443 of the web server. To enable this to function, Port 443 must be open on the server and then Apache web Server needs to listen on this port as well.
HTTPS connections ensures a secure communication protocol when data is transmitted in the server and secure data against attackers.
For Apache, the Listen directive tells the server to accept incoming requests only on the specified ports. For instance, to make the server accept connections on both port 80 and port 443, on all interfaces, we need to use the following directives;
Alternatively, we can restrict access to https connection for a specific IP address which can be configured in Apache configuration file to look like this;
In this case, "IP" should be replaced by the actual IP address of the server that need to handle secure traffic.
In essence, server will accept connection on port 443 only if inbound traffic is allowed via firewall as well.
Main Reasons for Apache not listening on port 443
Apache not listening on port 443 is a common issue that we see while handling web servers. Different factors can trigger this error including;
1. Incorrect Apache configuration
Sometimes issues with port 443 Occurs as a result of wrong entries in Apache configuration file. For instance, when you add the 'Listen' directive in the particular SSL include file at "/etc/httpd/conf/extra/httpd-ssl.conf" and then forget to activate the Include line in the main "httpd.conf" file. This will cause port 443 connection failure.
In other cases, duplicate Listen statements, sites pointing to wrong IP address and so on can also cause issues SSL issues for the affected website. Even when the entries in the Apache configuration are correct, the server might not have SSL module support, which will also lead to this sort of issues.
2. When Port is already in use
Similarly, port 443 can fail when it is in use by some other service. Since port 443 is already in use, Apache cannot start secure SSL connection.
3. Firewall blocks
Another common reason for Apache not listening on port 443 would be firewall. This could be the firewall that resides inside the server. Only when there are specific rules to accept connections, Apache would listen on port 443.
Moreover, network firewall also affect the port 443 connection. Certain organization may block several ports in their corporate firewall as part of tightening security. And, if port 443 is not allowed, users will have problems accessing websites using https:// link.
Recently, when a customer reported problems with his secure websites, it was the Network Address Translation rules that created problems. The iptables NAT table had some rules redirecting traffic coming in on port 443 to a different port (8443). Unfortunately, nothing was listening on port 8443 and it resulted in website failure.
How to fix Apache port 443
You can apply the following tips to fix the secure website connection;
1. Correcting Apache conf
To start, check Apache web server configuration for errors. Recently, one of our customer reported the following error while trying to restart Apache;
* Restarting web server apache2
(98)Address already in use: make_sock: could not bind to address [::]:443 [ OK ]
On checking, we could see that there was an extra "Listen 443" entry in "/etc/apache2/ports.conf" file. This was creating the conflict. After removing the duplicate entry followed by an Apache restart, the website started working fine.
2. Verifying services on port 443
When there do not exists any error with Apache configuration and still if port 443 connection fails, then we check for duplicate service listening on port 443 using:
netstat -ntupl | grep :443
Here, it will show the services listening on port 443. Therefore, to fix, our Dedicated Engineers stop the duplicate service and do an Apache restart.
3. Fixing firewall
When having problems with port 443 connection, isolating firewall problems can be confusing. Here, we first check if the port is accessible within the server. For this, we use the command :
telnet localhost 443
And, if the connection fails, most probably, the port 443 will not be open in the server firewall.
In servers using iptables, we use below command to open port 443.
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables save
service iptables restart
Again, when firewall programs like UFW was blocking port access, we had to execute "ufw allow 443" which fixed the underlying problem.
Additionally, if server listens correctly on port 443, it means that problem lies with the network firewall. This involves working with the server data center or modifying the network firewall settings too.