How to tell which web server software my ec2 instance is using?


I've inherited maintenance of some ec2 instances, one of which I'm trying to enable certbot on to automatically renew the SSL, I've previously been using certbot certonly to manually make a new SSL when needed. It's installed via snap, however it's not able to automatically renew the SSL due to not detecting the server's config, and I'm not sure what web server software is being used so that I can provide the config to certbot, as I'm not very familiar with linux server configurations & the server was originally setup by someone else.

The server is running Ubuntu 18.04.5 LTS, I've tried running these commands, neither apache nor nginx seem to be running:

  • which nginx & which apache2ctl - returns nothing

  • ps aux | grep apache & ps aux | grep nginx - returns only the grep process itself

  • sudo netstat -tuln | grep -E '80|443' - returns 8080, 80, 8443, & 443 ports as tcp6 0 0 :::8080 :::* LISTEN for each point, swapping 8080 for the relevant port

  • ls /etc/apache2/ & ls /etc/nginx/ & ls /etc/httpd/- returns 'no such file or directory'

However the server is actively serving content, and the web page(s) it's serving are reachable on the web, so something is serving the content.

I have full ssh access to the server, and I'm performing these actions on a cloned image on a new ec2 instance that I've pointed the original domain to with Route53 so that I'm seeing the cloned server's content, but I'm able to switch back to the previous working instance/image if needed. If any additional info is needed let me know & I can provide it ASAP.

  • What is the full ouput of the netstat | grep -E '80|443', it should say the process that is using those ports, that way you could see what program is running.

  • @Higher running sudo netstat -tulnp | grep -E '80|443' (added -p to show PIDs) gives:

    tcp6   0   0 :::8080   :::*    LISTEN   1139/java
    tcp6   0   0 :::80    :::*    LISTEN   1139/java
    tcp6   0   0 :::8443    :::*   LISTEN  1139/java
    tcp6   0   0 :::443   :::*   LISTEN   1139/java

    and the PID 1139 currently belongs to /root/.javax/x30.jar The content being served has it's code at /root/JavaX-Code/ & transpiles on reboot. Could the Java app be acting as it's own web service? I'm not at all familiar with Java, I apologize

  • I'll say in advance that i have my doubts this will provide anything useful, but there's no harm in trying it. What do you get from "curl --head http://localhost:80" (and retry for all the other ports above), does it return a "Server:" entry in its output?

asked 14 days ago50 views
2 Answers
Accepted Answer

Hello @rePost-User-5556571, yes the Java process /root/.javax/x30.jar is running its own HTTP service, it does not look as any know J2EE server like weblogic, tomcat, glassfish, etc. It looks like a custom bundle app. Try to look in the following directories /root/JavaX-Code/ and /root/.javax/ and look for a jks o keystore file, maybe they left there the keystore where the current SSL certificate is.

If so, you can create a new keystore and replace the existing one with your new cert.

Hope this helps.

profile picture
answered 13 days ago
  • Thank you very much for your help, Yes it's definitely an embedded web service in the java app, I've been poking around the transpiled & non-transpiled code. I do have access to the keystore (.p12) file. Previously, I've been updating the SSL when needed by re-running letsencrypt-renew, updating the DNS txt record & making a new validation.txt file containing Certbot's validation string. Does it sound like it will be possible to get Certbot to automatically renew the SSL if I make a new keystore, or will the embedded java server prevent it from renewing automatically?

  • @rePost-User-5556571 you should be able to renew it, and just replace the cert in the keystore as long as you have the request and the cert is generated from the same request, thing that I think is not possible with letsencrypt, that's why you will have to create a new keystore as is going to have a new cert


Hi, you may alternatively try wget --save-headers <url> from a desktop remote from the server to get the external view

profile pictureAWS
answered 14 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions