Why is https not working?

Solution 1:

OK, try this:

telnet localhost 443

Does that give a response, or does it hang? If it's responding, you should get something that looks like:

$ telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

(if telnet is not installed, then install it; you can exit the telnet session by hitting control-] and then typing "q" to quit)

If you're able to connect to the web server on the local interface (and the web server is running, given your logs), then there is a firewall issue (I know you said you haven't set the firewall, but this will confirm). In that case, run:

iptables -L -n

and post the results.

Update

From comments, this is an EC2 instance, so look at the Security Groups associated with this instance. Make sure you're allowing tcp/443 in your Security Groups.

Something like this might help:

http://cloud-computing.learningtree.com/2010/09/24/understanding-amazon-ec2-security-groups-and-firewalls/

Solution 2:

On dual-stack hosts, listening to ::443 means you're listening both on IPv4 and IPv6. Test the TLS negotiation yourself:

openssl s_client -connect localhost:443
[lots of negotiation output, to ensure the basics are there]

Then you'll be able to test if HTTP replies:

GET / HTTP/1.0

Here's how I'd redirect:

<VirtualHost *:80>
    ServerName mail.example.com

    RewriteEngine On
    RewriteLog /var/log/apache2/rewrite.log
    RewriteLogLevel 4
    RewriteRule ^(.*)$ https://secure.example.com/mail$1 [R,L]
</VirtualHost>

Please remove RewriteLog and RewriteLogLevel in production, or risk getting a disk filled senselessly.


Solution 3:

Similar issue: apache2 was responding to 443, nothing in the logs.

/etc/apache2# openssl s_client -connect localhost:443 -state -debug

gave me the following:

SSL_connect:unknown state
read from 0x1182fe0 [0x1189010] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e                              HTTP/1.
SSL_connect:error in unknown state
139790287365792:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

The issue was that my.domain.com is a different IP than was configured in the virtual hosts, as the server uses 2 IPs. So Apache was answering on 443, but could not connect a website to the connection. I matched the IP and all is good.
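
The checks from Solutions 1 and 3 can be combined into one probe that tells a blocked or closed port apart from a listener that answers a TLS ClientHello with plain HTTP. This is an added example, not code from any of the answers; the function names and result labels are assumptions chosen for illustration.

```python
import socket
import ssl
import sys

def client_hello(server_name="localhost"):
    """Return real TLS ClientHello bytes, built by the ssl module with no network I/O."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # only the first flight is needed, nothing is validated
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:        # expected: hello is queued, the peer has not answered
        pass
    return outgoing.read()

def classify(first_bytes):
    """Map the first bytes a listener sends back to a diagnosis label."""
    if not first_bytes:
        return "closed-without-reply"
    if first_bytes.startswith(b"HTTP/"):
        return "plaintext-http"         # Solution 3's symptom: plain HTTP served on the TLS port
    if first_bytes[0] == 0x16:
        return "tls-handshake"          # handshake record (ServerHello): TLS is answering
    if first_bytes[0] == 0x15:
        return "tls-alert"              # TLS is answering but rejected the hello
    return "unknown-protocol"

def probe(host, port=443, timeout=5.0):
    """Connect, send a ClientHello, and classify the reply or the connection failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello(host))
            return classify(sock.recv(16))
    except ConnectionRefusedError:
        return "refused"                # nothing is listening on that address and port
    except socket.timeout:
        return "timeout"                # no answer in time; on connect, typical of a firewall drop
    except OSError as exc:
        return "error: %s" % exc

if __name__ == "__main__":
    # Probe every name/IP the site should answer on, e.g. localhost and each public IP.
    for target in sys.argv[1:] or ["localhost"]:
        print(target, probe(target))
```

Running it against localhost and against each address the hostname resolves to shows whether the failure is a filter in front of the host (timeout from outside, TLS locally) or a virtual host bound to the wrong IP (plaintext-http on one address only).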