
I have an Apache 2 web server using TLS certificates from Let's Encrypt (installed using CertBot). The OS is Amazon Linux 2. I cannot access the website using port 443. It only works on port 80 without the certificate.

I have tried adding a VirtualHost section to httpd.conf, using a proxy to Express.js on port 8080, tried Express.js listening on port 443 on its own (with httpd stopped), tried with and without IP binding (IPv4 and 6), changed the default name in VirtualHost in the ssl.conf to *, and ensured that the certificate and key are owned by root. I have browsed at least a dozen forums and cannot get this to work. What am I missing here?

Here is httpd.conf (I've removed all of the comments):

```apache
ServerRoot "/etc/httpd"

Listen 0.0.0.0:443
Listen [::]:443

Include conf.modules.d/*.conf

User apache
Group apache

ServerAdmin step9productions@gmail.com

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>

EnableSendfile on

<IfModule mod_http2.c>
    Protocols h2 h2c http/1.1
</IfModule>

IncludeOptional conf.d/*.conf

<VirtualHost *:443>
    ServerName step9productions.com
    ServerAlias step9productions.com
    DocumentRoot "/var/www/html"
    SSLEngine on
    SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
    SSLCertificateFile /etc/letsencrypt/live/step9productions.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/step9productions.com/privkey.pem
</VirtualHost>
```

This is the ssl.conf file:

```apache
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLCryptoDevice builtin

<VirtualHost *:443>

    DocumentRoot "/var/www/html"
    ServerName step9productions.com:443

    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/step9productions.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/step9productions.com/privkey.pem

    SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSV1.1 +TLSv1.2

    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

    SSLCertificateFile /etc/letsencrypt/live/step9productions.com/fullchain.pem

    SSLCertificateKeyFile /etc/letsencrypt/live/step9productions.com/privkey.pem

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
```

Thanks for the help.

  • Does this answer your question? [Can't access Nginx webserver after configuring SSL (Certbot, LetsEncrypt)](https://serverfault.com/questions/1023538/cant-access-nginx-webserver-after-configuring-ssl-certbot-letsencrypt) – Michael Hampton Sep 30 '20 at 00:22
  • Probably not, as he's running apache, not nginx. – Lenne Sep 30 '20 at 01:16
  • 1
    @Lenne That's not relevant. Go actually read it first before you claim it's not. – Michael Hampton Sep 30 '20 at 02:20

1 Answer

New thing: You have to open port 443 in your AWS security group.

You have to explain what "not working" means.

  • Server not listening?
  • Wrong site shown?
  • Browser complains about certificates?

(I just deleted an incorrect answer)

You have listed ServerName step9productions.com:443 in ssl.conf and ServerName step9productions.com in httpd.conf. That makes the server as confused as you are ;-)

I'd leave all the site-specific settings in a file in /etc/apache2/sites-available/step9.conf and enable it with a2ensite step9

Then let letsencrypt manage the setup of step9-le-ssl when you let it generate the certificates.

Lenne
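A small diagnostic script for the first two questions the answer raises ("server not listening?" and "wrong site shown?"), added here as an example; it is not code from the question or the answer. The parsers take command output as text so they run offline against constructed samples; with `--live` it runs the real `ss` and `apachectl`, which are assumed to be installed on the host.

```shell
#!/bin/sh
# Added diagnostic helper (not from the question or answer). Parses 'ss -ltn'
# and 'apachectl -S' output; --live runs those commands on this host.

# Constructed sample of 'ss -ltn': only port 80 is bound, as in the question.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*'

# Constructed sample of 'apachectl -S' for the question's two <VirtualHost *:443>
# blocks (the file line numbers are made up).
APACHECTL_SAMPLE='VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server step9productions.com (/etc/httpd/conf.d/ssl.conf:20)
         port 443 namevhost step9productions.com (/etc/httpd/conf.d/ssl.conf:20)
         port 443 namevhost step9productions.com (/etc/httpd/conf/httpd.conf:94)
ServerRoot: "/etc/httpd"'

# port_listening PORT SS_OUTPUT -> prints 0 if a LISTEN socket ends in :PORT, else 1.
port_listening() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1 == "LISTEN" && $4 ~ (":" p "$") { found = 1 }
    END { print (found ? 0 : 1) }'
}

# vhost_duplicates APACHECTL_OUTPUT -> one line per "PORT NAME" declared by more
# than one <VirtualHost>, followed by the declaring files. httpd routes a name on
# a port to the first definition; later ones (here the block appended to
# httpd.conf) never receive requests, which is what the answer is pointing at.
vhost_duplicates() {
  printf '%s\n' "$1" | awk '
    $1 == "port" && $3 == "namevhost" { k = $2 " " $4; n[k]++; src[k] = src[k] " " $5 }
    END { for (k in n) if (n[k] > 1) print k ":" src[k] }' | sort
}

if [ "${1:-}" = "--live" ]; then
  if [ "$(port_listening 443 "$(ss -ltn)")" = 0 ]; then
    echo "httpd listens on 443; if clients still time out, check the AWS security group"
  else
    echo "nothing listens on 443: check the Listen directives and 'apachectl configtest'"
  fi
  dups=$(vhost_duplicates "$(apachectl -S 2>&1)")
  [ -n "$dups" ] && printf 'duplicate vhost definitions:\n%s\n' "$dups"
fi
```

A listener on 443 combined with a remote timeout points at the security group; no listener points at the httpd configuration itself.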