By using AWS re:Post, you agree to the Terms of Use
/Unable to connect on port 443/

Unable to connect on port 443


I have a CentOS 7 EC2 instance with Apache HTTPD running on port 443.

$ netstat -tnlp | grep 443
tcp        0      0   *               LISTEN      2533/httpd          

I cleared all inbound rules for the Security Group and now have just these 3:

IPv4	HTTPS	TCP	443	<MyIP>/32
IPv4	HTTP	TCP	80	<MyIP>/32
IPv4	SSH	TCP	22	<MyIP>/32

But not able to connect to the web server on the public IP (Google Chrome browser reports ERR_CONNECTION_TIMED_OUT). It was working previously before I removed some inbound rules and stopped the instance for a few days.

$ telnet <public IP> 443
Trying <public IP>...
telnet: connect to address <public IP>: No route to host
$ telnet <public IP> 80 
Trying <public IP>...
telnet: connect to address <public IP>: No route to host
$ telnet 443
Connected to
Escape character is '^]'.

Anything else I can check? Thanks

UPDATE: I installed VNC server on the instance and connected using VNC viewer. Launched Firefox, opened URL https://localhost and was able to login to the web app. But still can't access using https://<public ip>.

3 Answers
Accepted Answer

Adding port 443 using the firewall command did the trick for me.

$ sudo firewall-cmd --permanent --add-port=443/tcp

$ sudo firewall-cmd --reload

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 3389/tcp 443/tcp
  masquerade: no
  rich rules: 

answered 3 months ago

If you have a default Public IP you will get a new IP address every time you stop/start the instance. Could it be that?

answered 4 months ago
  • Yes, the public IP keeps changing, but I use the new IP every time.

  • Can you try to connect using openssl to eliminate any SSL config isssues? Something like 'openssl s_client -connect host:port -debug'. Another VPC thing to check is if there are any NACL rules preventing the connection, though your VNC connection seems to eliminate this possibility.


Please its been 2 weeks now, have tried everything but each time I telnet telnet <public IP> 443 or telnet telnet <public IP> 80, I keep getting; telnet: Unable to connect to remote host: Connection timed out

And when I do curl -I <public IP> 80, I get curl: (7) Failed to connect to <public IP> port 80: Connection timed out.

My <public IP> is an elastic IP.

Please help

answered 3 months ago
  • You shouldn't be asking new questions in the answer area. Better to ask them as a separate question. Did you check all inbound rules of the Security Group? Adding port 443 using the firewall command did the trick for me (firewall-cmd --permanent --add-port=443/tcp).

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions