How do I troubleshoot website connectivity issues on my Amazon EC2 Windows instance?

Resolution

If a website that runs on your EC2 instance becomes unavailable or unreachable, then check the following configurations.

Check whether the instance is running and passes its status checks

Make sure that your instance is listed as Running in the Amazon EC2 console. If your instance isn't listed as Running, then see Why is my EC2 Windows instance down with an instance status check failure?

Check whether the instance boots correctly

Check your instance screenshot to identify boot errors. If you still encounter issues, then use EC2Rescue to troubleshoot instance issues.

Check whether your instance has enough CPU, disk, or memory available

If your website is slow or intermittently inaccessible, then see How do I troubleshoot slow connections to a website hosted on my EC2 instance?

If you require more available memory, disk, or other resources, then resize your instance type.

Check the security group, network ACL, and route tables of your instance

Make sure that your instance's security group and network access control list (network ACL) allow traffic on port 80 and 443. Also, make sure that the route table in your instance's subnet has a default route to an internet gateway.

Check whether your instance has the correct DNS configuration

Check the following instance settings:

• If your website uses an Amazon Route 53 DNS service, then make sure that you correctly configured the DNS records.
• Make sure that you allocated and associated an Elastic IP address to your instance.
  Note: If you stop and start your instance, then the Elastic IP address remains associated to your instance.
• Make sure that you mapped the public IP address or Elastic IP address of the instance to an A record.
• If you use another DNS hosting service, then confirm that you updated the website's name servers on the domain that you registered the website to.

Check the web server and firewall settings

Your web server must be running, and your firewalls must allow access for users to connect to your website.

Run the following commands in Windows Service Manager to verify that your web server is running:

net Stop W3SVC

net Start W3SVC

iisreset/restart

To check whether your instance responds to a website on a specific port, run the following PowerShell commands from a remote machine:

tnc example-public-IP -port example-port

tnc example-DNS-website-name -port example-port

Note: Replace example-public-IP with your instance's public IP address, example-DNS-website-name with your website name, and example-port with your port.

The port that's bound to the website must be in the listening state. If the instance doesn't respond on the port, then run the following commands to check the port state:

netstat -anob | findstr /i 80

netstat -anob | findstr /i 443

Example output:

TCP    0.0.0.0:80    0.0.0.0:0    LISTENING    4

TCP    0.0.0.0:443   0.0.0.0:0    LISTENING    4

If the port isn't in the listening state, then restart the service that's associated with that port.

Also, make sure that your Windows firewall doesn't block port connections on port 80 or 443. To troubleshoot an unreachable port, see Why can't I connect to a port on an EC2 Windows instance?

Check whether you use a valid TLS/SSL certificate

To resolve TLS/SSL certificate errors, see How do I resolve AWS Certificate Manager (ACM) certificate errors that occur when I used HTTPS to access my website?

Note: The steps to resolve ACM certificate errors are the same as the ones to resolve issues with certificates by other providers.

If you run an Internet Information Services (IIS) server, then see How do I install an SSL/TLS certificate on my EC2 Windows instance that runs on an IIS server?

Related information

Why can't I connect to a website that's hosted on my EC2 instance?