By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Unable to connect on port 443

0

I have a CentOS 7 EC2 instance with Apache HTTPD running on port 443.

$ netstat -tnlp | grep 443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2533/httpd

I cleared all inbound rules for the Security Group and now have just these 3:

IPv4	HTTPS	TCP	443	<MyIP>/32
IPv4	HTTP	TCP	80	<MyIP>/32
IPv4	SSH	TCP	22	<MyIP>/32

But not able to connect to the web server on the public IP (Google Chrome browser reports ERR_CONNECTION_TIMED_OUT). It was working previously before I removed some inbound rules and stopped the instance for a few days.

$ telnet <public IP> 443
Trying <public IP>...
telnet: connect to address <public IP>: No route to host
$ telnet <public IP> 80 
Trying <public IP>...
telnet: connect to address <public IP>: No route to host
$ telnet google.com 443
Trying 142.250.188.46...
Connected to google.com.
Escape character is '^]'.

Anything else I can check? Thanks

UPDATE: I installed VNC server on the instance and connected using VNC viewer. Launched Firefox, opened URL https://localhost and was able to login to the web app. But still can't access using https://<public ip>.

Topics
ComputeNetworking & Content Delivery
Tags
Amazon EC2Security Group
Language
English
asked 3 years ago6.8K views
3 Answers
0
Accepted Answer

Adding port 443 using the firewall command did the trick for me.

$ sudo firewall-cmd --permanent --add-port=443/tcp

$ sudo firewall-cmd --reload

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh
  ports: 3389/tcp 443/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:
answered 3 years ago
EXPERT
reviewed a year ago
0

If you have a default Public IP you will get a new IP address every time you stop/start the instance. Could it be that?

AWS
EXPERT
answered 3 years ago
  • SV
    3 years ago

    Yes, the public IP keeps changing, but I use the new IP every time.

  • kentrad EXPERT
    3 years ago

    Can you try to connect using openssl to eliminate any SSL config isssues? Something like 'openssl s_client -connect host:port -debug'. Another VPC thing to check is if there are any NACL rules preventing the connection, though your VNC connection seems to eliminate this possibility.

0

Please its been 2 weeks now, have tried everything but each time I telnet telnet <public IP> 443 or telnet telnet <public IP> 80, I keep getting; telnet: Unable to connect to remote host: Connection timed out

And when I do curl -I <public IP> 80, I get curl: (7) Failed to connect to <public IP> port 80: Connection timed out.

My <public IP> is an elastic IP.

Please help

answered 3 years ago
  • SV
    3 years ago

    You shouldn't be asking new questions in the answer area. Better to ask them as a separate question. Did you check all inbound rules of the Security Group? Adding port 443 using the firewall command did the trick for me (firewall-cmd --permanent --add-port=443/tcp).

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content