Connections to https are refused (7552)

Question Title

Please include an alpha-numeric character in your title (0-9, A-Z, a-z)

Description

<r>EDIT: After 4 hours, I can't believe it was only a matter of doing a2enmod ssl. Wow. Solved.

If I go to my site, connections over http are fine, but if I try https, connections are refused and I can't figure out why. Below is info from the only places I know to look.

default-ssl shows up in both /etc/apache2/sites-available and /etc/apache2/sites-enabled

Any ideas?

Ubuntu 12.04 LTS LAMP server

–-BEGIN excerpt of /etc/apache2/sites-available/default-ssl -----

<ifmodule mod_ssl.c=""><virtualhost xx.xx.xx.xx:443="">ServerAdmin <email email="admin@xxxx.com">admin@xxxx.com</email>

DocumentRoot /var/www

<directory>Options FollowSymLinks

AllowOverride None</directory>

<directory var="" www="">Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all</directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<directory "="" usr="" lib="" cgi-bin"="">AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all</directory>

ErrorLog /var/log/apache2/error.log

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

Alias /doc/ "/usr/share/doc/"

<directory "="" usr="" share="" doc="">Options Indexes MultiViews FollowSymLinks

AllowOverride None

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128</directory>

SSLEngine on

SSLCertificateFile /etc/ssl/certs/certificate.crt

SSLCertificateKeyFile /etc/ssl/private/prvtky.key

SSLCertificateChainFile /etc/ssl/certs/intermediate.crt

---END excerpt of /etc/apache2/sites-available/default-ssl -----

---BEGIN /etc/iptables.firewall.rules ---------

*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

-A INPUT -i lo -j ACCEPT

-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traffic

-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).

-A INPUT -p tcp --dport 80 -j ACCEPT

-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections

#

# The -dport number should be the same port number you set in sshd_config

#

-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

-A INPUT -p tcp --dport 143 -j ACCEPT

-A INPUT -p tcp --dport 993 -j ACCEPT

-A INPUT -p tcp --dport 25 -j ACCEPT

# Allow ping

-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Log iptables denied calls

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy

-A INPUT -j REJECT

-A FORWARD -j REJECT

COMMIT

---END /etc/iptables.firewall.rules ---------</virtualhost></ifmodule></r>

Please enter a question

Tags (Optional, comma-separated)

Compute

Storage

Databases

Networking

Developer Tools

Delivery

Security

Services

Industries

Pricing

Community

Engage With Us

Connections to https are refused

Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

Accept all established inbound connections

Allow all outbound traffic - you can modify this to only allow certain traffic

Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).

Allow SSH connections

The -dport number should be the same port number you set in sshd_config

Allow ping

Log iptables denied calls

Reject all other inbound - default deny unless explicitly allowed policy

0 Replies

Reply

Tips: