Connections to https are refused

EDIT: After 4 hours, I can't believe it was only a matter of doing a2enmod ssl. Wow. Solved.

If I go to my site, connections over http are fine, but if I try https, connections are refused and I can't figure out why. Below is info from the only places I know to look.

default-ssl shows up in both /etc/apache2/sites-available and /etc/apache2/sites-enabled

Any ideas?

Ubuntu 12.04 LTS LAMP server

–-BEGIN excerpt of /etc/apache2/sites-available/default-ssl -----

ServerAdmin admin@xxxx.com

DocumentRoot /var/www

Options FollowSymLinks

AllowOverride None

Options Indexes FollowSymLinks MultiViews

AllowOverride None

Order allow,deny

allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

ErrorLog /var/log/apache2/error.log

LogLevel warn

CustomLog ${APACHELOGDIR}/ssl_access.log combined

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks

AllowOverride None

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

SSLEngine on

SSLCertificateFile /etc/ssl/certs/certificate.crt

SSLCertificateKeyFile /etc/ssl/private/prvtky.key

SSLCertificateChainFile /etc/ssl/certs/intermediate.crt

---END excerpt of /etc/apache2/sites-available/default-ssl -----

---BEGIN /etc/iptables.firewall.rules ---------

*filter

Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

-A INPUT -i lo -j ACCEPT

-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

Accept all established inbound connections

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow all outbound traffic - you can modify this to only allow certain traffic

-A OUTPUT -j ACCEPT

Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).

-A INPUT -p tcp --dport 80 -j ACCEPT

-A INPUT -p tcp --dport 443 -j ACCEPT

Allow SSH connections

#

The -dport number should be the same port number you set in sshd_config

#

-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

-A INPUT -p tcp --dport 143 -j ACCEPT

-A INPUT -p tcp --dport 993 -j ACCEPT

-A INPUT -p tcp --dport 25 -j ACCEPT

Allow ping

-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

Log iptables denied calls

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Reject all other inbound - default deny unless explicitly allowed policy

-A INPUT -j REJECT

-A FORWARD -j REJECT

COMMIT

---END /etc/iptables.firewall.rules ---------

0 Replies

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct