Apache 443 Connection Refused Error – How to Fix

so i'm running into a very funny, frustrating, and odd issue.

I have a RackSpace webserver running a webiste. Lets calls it dummy.com.

http://dummy.com is accessible on port 80 no problem. But accessing https://dummy.com gives me a This site can't be reached error on Chrome and similar on FireFox.

But what is confusing is that https://1.11.111.1111 works (meaning if i access the site via its IP i'm able to access it)

this is the VirtualHost config I'm using:

<VirtualHost *:80>
        ServerName dummy.com
        ServerAlias  www.dummy.com
        DocumentRoot /var/www/vhosts/www.dummy.com

        <Directory /var/www/vhosts/www.dummy.com>
                Options -Indexes +FollowSymLinks -MultiViews
                AllowOverride All
        </Directory>
</VirtualHost>

<VirtualHost *:443>
        ServerName dummy.com
        ServerAlias  www.dummy.com 
        DocumentRoot /var/www/vhosts/www.dummy.com
        <Directory /var/www/vhosts/www.dummy.com>
                Options -Indexes +FollowSymLinks -MultiViews
                AllowOverride All
        </Directory>

        ...

        SSLEngine on
        SSLCertificateFile /var/www/ssl/DUMMY.COM.crt
        SSLCertificateKeyFile /var/www/ssl/dummy_com.key
        SSLCertificateChainFile /var/www/ssl/ov_chain.txt
</VirtualHost>

I had a thought that maybe the domain isn't being picked up on port 443 but that would be true for port 80 on this config.

So another question, because this is a server hosted on RackSpace is there a firewall setting in the manager that would be the cause of this issue? I'm stumped on this =(

oh, also this is the netstat -tnlp snippet

tcp6 0 0 :::25 :::* LISTEN 1670/master tcp6 0 0 :::443 :::* LISTEN 9013/apache2

and ss -tnlp | grep :80

LISTEN 0 128 :::80 :::* users:(("apache2",9025,4),("apache2",9020,4),("apache2",9019,4),("apache2",9018,4),("apache2",9017,4),("apache2",9016,4),("apache2",9013,4))

ss -tnlp | grep :443

LISTEN 0 128 :::443 :::* users:(("apache2",9025,6),("apache2",9020,6),("apache2",9019,6),("apache2",9018,6),("apache2",9017,6),("apache2",9016,6),("apache2",9013,6))

edit: here is the apache logs when the server starts:

[Sun Oct 07 11:09:12.646647 2018] [ssl:info] [pid 10085] AH02200: Loading certificate & private key of SSL-aware server 'dummy.com:443'
[Sun Oct 07 11:09:12.647104 2018] [ssl:debug] [pid 10085] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Sun Oct 07 11:09:12.647176 2018] [ssl:info] [pid 10085] AH01914: Configuring server dummy.com:443 for SSL protocol
[Sun Oct 07 11:09:12.647722 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(791): AH01904: Configuring server certificate chain (3 CA certificates)
[Sun Oct 07 11:09:12.647742 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(328): AH01893: Configuring TLS extension handling
[Sun Oct 07 11:09:12.647750 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(838): AH02232: Configuring RSA server certificate
[Sun Oct 07 11:09:12.647952 2018] [ssl:debug] [pid 10085] ssl_util_ssl.c(407): AH02412: [dummy.com:443] Cert matches for name 'dummy.com' [subject: CN=dummy.com,OU=Secure Link SSL,OU=IT,O=Dummy Corp,street=123 Happy Ave,L=Some City,ST=XX,postalCode=12345,C=US / issuer: CN=Network Solutions OV Server CA 2,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US / serial: 501C094D916AE8257C96F3C794F0A10B / notbefore: Oct  6 00:00:00 2018 GMT / notafter: Sep 28 23:59:59 2020 GMT]
[Sun Oct 07 11:09:12.647988 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(893): AH02236: Configuring RSA server private key
[Sun Oct 07 11:09:12.682709 2018] [ssl:info] [pid 10086] AH02200: Loading certificate & private key of SSL-aware server 'dummy.com:443'
[Sun Oct 07 11:09:12.683385 2018] [ssl:debug] [pid 10086] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Sun Oct 07 11:09:12.683569 2018] [ssl:info] [pid 10086] AH01914: Configuring server dummy.com:443 for SSL protocol
[Sun Oct 07 11:09:12.684012 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(791): AH01904: Configuring server certificate chain (3 CA certificates)
[Sun Oct 07 11:09:12.684085 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(328): AH01893: Configuring TLS extension handling
[Sun Oct 07 11:09:12.684149 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(838): AH02232: Configuring RSA server certificate
[Sun Oct 07 11:09:12.684333 2018] [ssl:debug] [pid 10086] ssl_util_ssl.c(407): AH02412: [dummy.com:443] Cert matches for name 'dummy.com' [subject: CN=dummy.com,OU=Secure Link SSL,OU=IT,O=Dummy Corp,street=123 Happy Ave,L=Some City,ST=XX,postalCode=12345,C=US / issuer: CN=Network Solutions OV Server CA 2,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US / serial: 501C094D916AE8257C96F3C794F0A10B / notbefore: Oct  6 00:00:00 2018 GMT / notafter: Sep 28 23:59:59 2020 GMT]
[Sun Oct 07 11:09:12.684392 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(893): AH02236: Configuring RSA server private key

thanks guys

Best Answer

There is a concept of so called Security Groups in Rackspace.
Login to Rackspace console, click on your server and scroll down to "Network and Security groups".
Another possibility is firewall on your host (iptables -L assuming it's one of the RedHat derivatives). You can test if port 443 is open from outside with nmap or nc, you obviously need to be on remote host for it so you can see if you can establish TCP session towards port 443.

Best Answer

Related Solutions

Ssl – Apache certificates for some urls not working

Ssl – AH01896: Unable to determine list of acceptable CA certificates for client authentication in Apache v2.4 SSLCACertificatePath directive

Related Topic