Port 443 not working on EC2 Plesk and not able to install license

0

There is a serious server fault in EC2,

sudo netstat -nupt -l

shows

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 172.31.40.53:53         0.0.0.0:*               LISTEN      1304/named      
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1304/named      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1445/sshd       
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1901/    
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1304/named      
tcp        0      0 127.0.0.1:12346         0.0.0.0:*               LISTEN      1901/    
tcp        0      0 172.31.40.53:443        0.0.0.0:*               LISTEN      2043/nginx      
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      1509/config     
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      1315/dovecot    
tcp        0      0 127.0.0.1:12768         0.0.0.0:*               LISTEN      1405/psa-pc-remote
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1315/dovecot    
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1315/dovecot    
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN      2080/apache2    
tcp        0      0 0.0.0.0:7081            0.0.0.0:*               LISTEN      2080/apache2    
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1315/dovecot    
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      1966/perl       
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1315/dovecot    
tcp        0      0 172.31.40.53:80         0.0.0.0:*               LISTEN      2043/nginx      
tcp        0      0 0.0.0.0:8880            0.0.0.0:*               LISTEN      1509/config     
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1901/    
tcp6       0      0 :::21                   :::*                    LISTEN      1630/xinetd     
tcp6       0      0 :::53                   :::*                    LISTEN      1304/named      
tcp6       0      0 :::22                   :::*                    LISTEN      1445/sshd       
tcp6       0      0 :::25                   :::*                    LISTEN      1901/    
tcp6       0      0 :::8443                 :::*                    LISTEN      1509/config     
tcp6       0      0 :::4190                 :::*                    LISTEN      1315/dovecot    
tcp6       0      0 :::993                  :::*                    LISTEN      1315/dovecot    
tcp6       0      0 :::995                  :::*                    LISTEN      1315/dovecot    
tcp6       0      0 :::3306                 :::*                    LISTEN      1409/mysqld     
tcp6       0      0 :::106                  :::*                    LISTEN      1630/xinetd     
tcp6       0      0 :::110                  :::*                    LISTEN      1315/dovecot    
tcp6       0      0 :::143                  :::*                    LISTEN      1315/dovecot    
tcp6       0      0 :::8880                 :::*                    LISTEN      1509/config     
tcp6       0      0 :::465                  :::*                    LISTEN      1901/    
udp        0      0 172.31.40.53:53         0.0.0.0:*                           1304/named      
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1304/named      
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1075/dhclient   
udp6       0      0 :::53                   :::*                                1304/named 

Port 443 is blocked and not working

I have tried everything


sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart

Also, ufw 443 is not working

My security groups configuration for 443 is for inbound and outbound

EC2 groups configuration

Please help!! Also note that I am not able to install anything via apt as well, as it gets stuck at 0% installation

Manish
asked a month ago, 213 views
1 Answer
2

Hello.

Is HTTPS allowed in EC2's security group inbound rules?
Also, is HTTPS allowed in the network ACL of the subnet where EC2 is launched?
Also, check that HTTPS is not blocked by the firewall settings of the EC2 OS.
Once you have confirmed this, please make sure that the web server settings are set to listen on HTTPS.

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • The issue looks like it is in firewall-cmd

    When I use this command:

    sudo netstat -tulpn | grep :443

    It gives output

    tcp 0 0 172.31.40.53:443 0.0.0.0:* LISTEN 5138/nginx

    I cannot use the firewall-cmd command as firewalld is not installed, and I am not able to install it as it shows only this

    apt install firewalld
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following additional packages will be installed:
      ebtables python3-decorator python3-selinux python3-slip python3-slip-dbus
    The following NEW packages will be installed:
      ebtables firewalld python3-decorator python3-selinux python3-slip python3-slip-dbus
    0 upgraded, 6 newly installed, 0 to remove and 85 not upgraded.
    Need to get 624 kB of archives.
    After this operation, 4,025 kB of additional disk space will be used.
    Do you want to continue? [Y/n] Y
    0% [Connecting to us-east-1.ec2.archive.ubuntu.com (52.207.133.243)]

    and then it times out

  • ACL tables have the https rule added in inbound and outbound, so that one is ok. Need to fix the issue with the firewall. Can you help with how to access the firewall without the command line and also without Plesk, as Plesk is expired?

  • The subnet's network ACL is stateless inspection and must allow return communication. Therefore, you need to allow well-known ports in the inbound and outbound rules as shown below.

  • I have edited my question. Also, network ACLs are done as per you as well, with inbound and outbound rules.
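
The stateless network ACL behaviour raised in the comments above, as an added example that is not part of the original thread: a small model of NACL evaluation (lowest rule number wins, implicit deny) that checks both directions of a TCP flow. The rule sets are constructed, CIDR matching is left out (every rule is assumed to apply to 0.0.0.0/0), and the ephemeral range 1024-65535 and client port 50000 are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int    # rules are evaluated in ascending rule-number order
    egress: bool   # False = inbound table, True = outbound table
    proto: str     # "tcp", "udp", or "-1" for all protocols
    ports: range   # destination ports the rule matches
    action: str    # "allow" or "deny"

def evaluate(rules, egress, proto, port):
    """Action of the lowest-numbered matching rule; the implicit '*' rule denies."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.egress == egress and r.proto in (proto, "-1") and port in r.ports:
            return r.action
    return "deny"

def flow_passes(rules, inbound_conn, service_port, ephemeral_port):
    """A NACL keeps no connection state, so request and reply are judged separately.
    inbound_conn=True : client -> instance:service_port, reply -> client:ephemeral_port
    inbound_conn=False: instance -> remote:service_port, reply -> instance:ephemeral_port
    """
    request = evaluate(rules, egress=not inbound_conn, proto="tcp", port=service_port)
    reply = evaluate(rules, egress=inbound_conn, proto="tcp", port=ephemeral_port)
    return request == "allow" and reply == "allow"

EPHEMERAL = range(1024, 65536)  # assumed range wide enough for any client OS

# Constructed ACL: only "HTTPS" allowed in both tables, no return-traffic rule.
HTTPS_ONLY = [
    Rule(100, False, "tcp", range(443, 444), "allow"),
    Rule(100, True, "tcp", range(443, 444), "allow"),
]

# Constructed ACL: same rules plus ephemeral return ports and outbound HTTP.
WITH_RETURN = HTTPS_ONLY + [
    Rule(110, False, "tcp", EPHEMERAL, "allow"),      # replies to instance-initiated flows
    Rule(110, True, "tcp", EPHEMERAL, "allow"),       # replies to clients of port 443
    Rule(120, True, "tcp", range(80, 81), "allow"),   # apt mirror over HTTP
]

if __name__ == "__main__":
    for name, acl in (("HTTPS_ONLY", HTTPS_ONLY), ("WITH_RETURN", WITH_RETURN)):
        print(name,
              "inbound 443:", flow_passes(acl, True, 443, 50000),
              "outbound 80 (apt):", flow_passes(acl, False, 80, 50000))
```

With the first rule set both the inbound HTTPS flow and the outbound HTTP flow fail even though port 443 is listed in both tables; a security group, being stateful, would not need the return rules.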