Connections to https are refused (7552)

Question Title

Please include an alpha-numeric character in your title (0-9, A-Z, a-z)

Description

<r>EDIT: After 4 hours, I can't believe it was only a matter of doing a2enmod ssl. Wow. Solved.

If I go to my site, connections over http are fine, but if I try https, connections are refused and I can't figure out why. Below is info from the only places I know to look.

default-ssl shows up in both /etc/apache2/sites-available and /etc/apache2/sites-enabled

Any ideas?

Ubuntu 12.04 LTS LAMP server

–-BEGIN excerpt of /etc/apache2/sites-available/default-ssl -----

<ifmodule mod_ssl.c=""><virtualhost xx.xx.xx.xx:443="">ServerAdmin <email email="admin@xxxx.com">admin@xxxx.com</email>

DocumentRoot /var/www

<directory>Options FollowSymLinks

AllowOverride None</directory>

<directory var="" www="">Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all</directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<directory "="" usr="" lib="" cgi-bin"="">AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all</directory>

ErrorLog /var/log/apache2/error.log

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

Alias /doc/ "/usr/share/doc/"

<directory "="" usr="" share="" doc="">Options Indexes MultiViews FollowSymLinks

AllowOverride None

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128</directory>

SSLEngine on

SSLCertificateFile /etc/ssl/certs/certificate.crt

SSLCertificateKeyFile /etc/ssl/private/prvtky.key

SSLCertificateChainFile /etc/ssl/certs/intermediate.crt

---END excerpt of /etc/apache2/sites-available/default-ssl -----

---BEGIN /etc/iptables.firewall.rules ---------

*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

-A INPUT -i lo -j ACCEPT

-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traffic

-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).

-A INPUT -p tcp --dport 80 -j ACCEPT

-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections

#

# The -dport number should be the same port number you set in sshd_config

#

-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

-A INPUT -p tcp --dport 143 -j ACCEPT

-A INPUT -p tcp --dport 993 -j ACCEPT

-A INPUT -p tcp --dport 25 -j ACCEPT

# Allow ping

-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Log iptables denied calls

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy

-A INPUT -j REJECT

-A FORWARD -j REJECT

COMMIT

---END /etc/iptables.firewall.rules ---------</virtualhost></ifmodule></r>

Please enter a question

Tags (Optional, comma-separated)

Compute

Storage

Networking

Databases

Services

Developer Tools

Industries

Pricing

Community

Engage With Us

Connections to https are refused

Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

Accept all established inbound connections

Allow all outbound traffic - you can modify this to only allow certain traffic

Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).

Allow SSH connections

The -dport number should be the same port number you set in sshd_config

Allow ping

Log iptables denied calls

Reject all other inbound - default deny unless explicitly allowed policy

0 Replies

Reply

Tips: