Apache (WAMP) refusing HTTPS connections

I`m running WAMP server v3.1.3 under Win Server 16, hosting several web sites. Everything was fine until I decided to add an SSL certificate to one of my sites (Apache virtual host). Now the web server is refusing HTTPS connections to that site from outside, but I am able to properly access the site, locally through HTTPS. All other sites are working fine/unimpacted. Obviously I messed up the config somewhere, but not sure where, probably its a silly mistake.

In httpd.conf, I have enabled the ssl_module, socache_shmcb module and I have included the httpd-ssl.conf. Also I've put the ceritificate and key inside the Apache conf folder. Httpd is saying Sintax is OK and I was not able to detect any errors in the logs. Most other settings have their default values. The web server should be listening on port 443, but is refusing connections from the outside. Locally I can access the site normally and its indicating the HTTPS properly. I access it locally and remotely using the same url (https://...; 3) Locally the site is working as it should, with HTTPS; remotely I`m getting "ERR_CONNECTION_REFUSED" HTTP error. Apache version is 2.4.33;
Any help will be much appreciated!

Here are some hints:

httpd-vhosts.conf looks like this:

<VirtualHost *:443>

SSLEngine On

SSLCertificateFile 

"C:/WAMP64/bin/apache/apache2.4.33/conf/key/certificate.crt"

SSLCertificateKeyFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/key.key"

SSLCACertificateFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/ca.crt"



ServerName domain.com

ServerAlias www.domain.com

DocumentRoot "c:/wamp64/www/domain"

<Directory  "c:/wamp64/www/domain/">

    Require all granted

</Directory>

</VirtualHost>

#

<VirtualHost *:80>

ServerName domain.com

ServerAlias www.domain.com

DocumentRoot "c:/wamp64/www/domain"

<Directory  "c:/wamp64/www/domain/">

    Require all granted

</Directory>

</VirtualHost>

#

<VirtualHost *:80>

ServerName site2.domain.com

DocumentRoot "c:/wamp64/www/site2"

<Directory  "c:/wamp64/www/site2/">

    Require all granted

</Directory>

</VirtualHost>

httpd-ssl.conf looks like this:

Listen 443



SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES



SSLHonorCipherOrder on 



SSLProtocol all -SSLv3

SSLProxyProtocol all -SSLv3



SSLPassPhraseDialog  builtin



SSLSessionCache        

"shmcb:C:/WAMP64/bin/apache/apache2.4.33/logs/ssl_scache(512000)"

SSLSessionCacheTimeout  300



<VirtualHost _default_:443>



DocumentRoot "c:/WAMP64/www"

ServerName domain.com:443

ServerAdmin admin@domain.com

ErrorLog "C:/WAMP64/bin/apache/apache2.4.33/logs/error.log"

TransferLog "C:/WAMP64/bin/apache/apache2.4.33/logs/access.log"



SSLEngine on



SSLCertificateFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/certificate.crt"

SSLCertificateKeyFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/key.key"

SSLCertificateChainFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/ca.crt"



<FilesMatch ".(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory "C:/WAMP64/www">

SSLOptions +StdEnvVars

</Directory>



BrowserMatch "MSIE [2-5]" 

     nokeepalive ssl-unclean-shutdown 

     downgrade-1.0 force-response-1.0



CustomLog "C:/WAMP64/bin/apache/apache2.4.33/logs/ssl_request.log" 

      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"



</VirtualHost>

edited Nov 21 '18 at 6:50

asked Nov 20 '18 at 22:38

vix

Try adding Allow from all inside your vhost Directory statements. Are you able to access non-https from outside?

– pmahomme
Nov 20 '18 at 22:52

1) How do you access it locally vs from remote (which URL) ? 2) Which Apache version? Before 2.3.11 you need a NameVirtualHost directive. 3) What exactly happens when it does not work? No reply at all, a TLS error message, an HTTP error code?

– Patrick Mevzek
Nov 20 '18 at 23:25

@pmahomme - thanks for the suggestion, I tried Allow from all, but no change

– vix
Nov 21 '18 at 6:44

@PatrickMevzek hi, 1) I access it locally and remotely using the same url (https://...; 2) Apache version is 2.4.33; 3) Locally the site is working as it should, with HTTPS; remotely I`m getting "ERR_CONNECTION_REFUSED" HTTP error

– vix
Nov 21 '18 at 6:48

add a comment |

Here are some hints:

httpd-vhosts.conf looks like this:

<VirtualHost *:443>

SSLEngine On

SSLCertificateFile 

"C:/WAMP64/bin/apache/apache2.4.33/conf/key/certificate.crt"

SSLCertificateKeyFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/key.key"

SSLCACertificateFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/ca.crt"



ServerName domain.com

ServerAlias www.domain.com

DocumentRoot "c:/wamp64/www/domain"

<Directory  "c:/wamp64/www/domain/">

    Require all granted

</Directory>

</VirtualHost>

#

<VirtualHost *:80>

ServerName domain.com

ServerAlias www.domain.com

DocumentRoot "c:/wamp64/www/domain"

<Directory  "c:/wamp64/www/domain/">

    Require all granted

</Directory>

</VirtualHost>

#

<VirtualHost *:80>

ServerName site2.domain.com

DocumentRoot "c:/wamp64/www/site2"

<Directory  "c:/wamp64/www/site2/">

    Require all granted

</Directory>

</VirtualHost>

httpd-ssl.conf looks like this:

Listen 443



SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES



SSLHonorCipherOrder on 



SSLProtocol all -SSLv3

SSLProxyProtocol all -SSLv3



SSLPassPhraseDialog  builtin



SSLSessionCache        

"shmcb:C:/WAMP64/bin/apache/apache2.4.33/logs/ssl_scache(512000)"

SSLSessionCacheTimeout  300



<VirtualHost _default_:443>



DocumentRoot "c:/WAMP64/www"

ServerName domain.com:443

ServerAdmin admin@domain.com

ErrorLog "C:/WAMP64/bin/apache/apache2.4.33/logs/error.log"

TransferLog "C:/WAMP64/bin/apache/apache2.4.33/logs/access.log"



SSLEngine on



SSLCertificateFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/certificate.crt"

SSLCertificateKeyFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/key.key"

SSLCertificateChainFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/ca.crt"



<FilesMatch ".(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory "C:/WAMP64/www">

SSLOptions +StdEnvVars

</Directory>



BrowserMatch "MSIE [2-5]" 

     nokeepalive ssl-unclean-shutdown 

     downgrade-1.0 force-response-1.0



CustomLog "C:/WAMP64/bin/apache/apache2.4.33/logs/ssl_request.log" 

      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"



</VirtualHost>

edited Nov 21 '18 at 6:50

asked Nov 20 '18 at 22:38

vix

Try adding Allow from all inside your vhost Directory statements. Are you able to access non-https from outside?

– pmahomme
Nov 20 '18 at 22:52

1) How do you access it locally vs from remote (which URL) ? 2) Which Apache version? Before 2.3.11 you need a NameVirtualHost directive. 3) What exactly happens when it does not work? No reply at all, a TLS error message, an HTTP error code?

– Patrick Mevzek
Nov 20 '18 at 23:25

@pmahomme - thanks for the suggestion, I tried Allow from all, but no change

– vix
Nov 21 '18 at 6:44

@PatrickMevzek hi, 1) I access it locally and remotely using the same url (https://...; 2) Apache version is 2.4.33; 3) Locally the site is working as it should, with HTTPS; remotely I`m getting "ERR_CONNECTION_REFUSED" HTTP error

– vix
Nov 21 '18 at 6:48

add a comment |

Here are some hints:

httpd-vhosts.conf looks like this:

<VirtualHost *:443>

SSLEngine On

SSLCertificateFile 

"C:/WAMP64/bin/apache/apache2.4.33/conf/key/certificate.crt"

SSLCertificateKeyFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/key.key"

SSLCACertificateFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/ca.crt"



ServerName domain.com

ServerAlias www.domain.com

DocumentRoot "c:/wamp64/www/domain"

<Directory  "c:/wamp64/www/domain/">

    Require all granted

</Directory>

</VirtualHost>

#

<VirtualHost *:80>

ServerName domain.com

ServerAlias www.domain.com

DocumentRoot "c:/wamp64/www/domain"

<Directory  "c:/wamp64/www/domain/">

    Require all granted

</Directory>

</VirtualHost>

#

<VirtualHost *:80>

ServerName site2.domain.com

DocumentRoot "c:/wamp64/www/site2"

<Directory  "c:/wamp64/www/site2/">

    Require all granted

</Directory>

</VirtualHost>

httpd-ssl.conf looks like this:

Listen 443



SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES



SSLHonorCipherOrder on 



SSLProtocol all -SSLv3

SSLProxyProtocol all -SSLv3



SSLPassPhraseDialog  builtin



SSLSessionCache        

"shmcb:C:/WAMP64/bin/apache/apache2.4.33/logs/ssl_scache(512000)"

SSLSessionCacheTimeout  300



<VirtualHost _default_:443>



DocumentRoot "c:/WAMP64/www"

ServerName domain.com:443

ServerAdmin admin@domain.com

ErrorLog "C:/WAMP64/bin/apache/apache2.4.33/logs/error.log"

TransferLog "C:/WAMP64/bin/apache/apache2.4.33/logs/access.log"



SSLEngine on



SSLCertificateFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/certificate.crt"

SSLCertificateKeyFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/key.key"

SSLCertificateChainFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/ca.crt"



<FilesMatch ".(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory "C:/WAMP64/www">

SSLOptions +StdEnvVars

</Directory>



BrowserMatch "MSIE [2-5]" 

     nokeepalive ssl-unclean-shutdown 

     downgrade-1.0 force-response-1.0



CustomLog "C:/WAMP64/bin/apache/apache2.4.33/logs/ssl_request.log" 

      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"



</VirtualHost>

edited Nov 21 '18 at 6:50

asked Nov 20 '18 at 22:38

vix

Here are some hints:

httpd-vhosts.conf looks like this:

<VirtualHost *:443>

SSLEngine On

SSLCertificateFile 

"C:/WAMP64/bin/apache/apache2.4.33/conf/key/certificate.crt"

SSLCertificateKeyFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/key.key"

SSLCACertificateFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/ca.crt"



ServerName domain.com

ServerAlias www.domain.com

DocumentRoot "c:/wamp64/www/domain"

<Directory  "c:/wamp64/www/domain/">

    Require all granted

</Directory>

</VirtualHost>

#

<VirtualHost *:80>

ServerName domain.com

ServerAlias www.domain.com

DocumentRoot "c:/wamp64/www/domain"

<Directory  "c:/wamp64/www/domain/">

    Require all granted

</Directory>

</VirtualHost>

#

<VirtualHost *:80>

ServerName site2.domain.com

DocumentRoot "c:/wamp64/www/site2"

<Directory  "c:/wamp64/www/site2/">

    Require all granted

</Directory>

</VirtualHost>

httpd-ssl.conf looks like this:

Listen 443



SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES



SSLHonorCipherOrder on 



SSLProtocol all -SSLv3

SSLProxyProtocol all -SSLv3



SSLPassPhraseDialog  builtin



SSLSessionCache        

"shmcb:C:/WAMP64/bin/apache/apache2.4.33/logs/ssl_scache(512000)"

SSLSessionCacheTimeout  300



<VirtualHost _default_:443>



DocumentRoot "c:/WAMP64/www"

ServerName domain.com:443

ServerAdmin admin@domain.com

ErrorLog "C:/WAMP64/bin/apache/apache2.4.33/logs/error.log"

TransferLog "C:/WAMP64/bin/apache/apache2.4.33/logs/access.log"



SSLEngine on



SSLCertificateFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/certificate.crt"

SSLCertificateKeyFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/key.key"

SSLCertificateChainFile "C:/WAMP64/bin/apache/apache2.4.33/conf/key/ca.crt"



<FilesMatch ".(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory "C:/WAMP64/www">

SSLOptions +StdEnvVars

</Directory>



BrowserMatch "MSIE [2-5]" 

     nokeepalive ssl-unclean-shutdown 

     downgrade-1.0 force-response-1.0



CustomLog "C:/WAMP64/bin/apache/apache2.4.33/logs/ssl_request.log" 

      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"



</VirtualHost>

apache ssl wamp

edited Nov 21 '18 at 6:50

asked Nov 20 '18 at 22:38

vix

edited Nov 21 '18 at 6:50

asked Nov 20 '18 at 22:38

vix

edited Nov 21 '18 at 6:50

asked Nov 20 '18 at 22:38

vix

asked Nov 20 '18 at 22:38

vix

asked Nov 20 '18 at 22:38

vix

Try adding Allow from all inside your vhost Directory statements. Are you able to access non-https from outside?

– pmahomme
Nov 20 '18 at 22:52

1) How do you access it locally vs from remote (which URL) ? 2) Which Apache version? Before 2.3.11 you need a NameVirtualHost directive. 3) What exactly happens when it does not work? No reply at all, a TLS error message, an HTTP error code?

– Patrick Mevzek
Nov 20 '18 at 23:25

@pmahomme - thanks for the suggestion, I tried Allow from all, but no change

– vix
Nov 21 '18 at 6:44

@PatrickMevzek hi, 1) I access it locally and remotely using the same url (https://...; 2) Apache version is 2.4.33; 3) Locally the site is working as it should, with HTTPS; remotely I`m getting "ERR_CONNECTION_REFUSED" HTTP error

– vix
Nov 21 '18 at 6:48

add a comment |

Try adding Allow from all inside your vhost Directory statements. Are you able to access non-https from outside?

– pmahomme
Nov 20 '18 at 22:52

1) How do you access it locally vs from remote (which URL) ? 2) Which Apache version? Before 2.3.11 you need a NameVirtualHost directive. 3) What exactly happens when it does not work? No reply at all, a TLS error message, an HTTP error code?

– Patrick Mevzek
Nov 20 '18 at 23:25

@pmahomme - thanks for the suggestion, I tried Allow from all, but no change

– vix
Nov 21 '18 at 6:44

@PatrickMevzek hi, 1) I access it locally and remotely using the same url (https://...; 2) Apache version is 2.4.33; 3) Locally the site is working as it should, with HTTPS; remotely I`m getting "ERR_CONNECTION_REFUSED" HTTP error

– vix
Nov 21 '18 at 6:48

Try adding Allow from all inside your vhost Directory statements. Are you able to access non-https from outside?

– pmahomme
Nov 20 '18 at 22:52

1) How do you access it locally vs from remote (which URL) ? 2) Which Apache version? Before 2.3.11 you need a NameVirtualHost directive. 3) What exactly happens when it does not work? No reply at all, a TLS error message, an HTTP error code?

– Patrick Mevzek
Nov 20 '18 at 23:25

@pmahomme - thanks for the suggestion, I tried Allow from all, but no change

– vix
Nov 21 '18 at 6:44

@PatrickMevzek hi, 1) I access it locally and remotely using the same url (https://...; 2) Apache version is 2.4.33; 3) Locally the site is working as it should, with HTTPS; remotely I`m getting "ERR_CONNECTION_REFUSED" HTTP error

– vix
Nov 21 '18 at 6:48

add a comment |

1 Answer
1

active

oldest

votes

Solved. Of course the reason was a silly mistake - port 443 was not opened in my router :)

answered Nov 21 '18 at 9:49

vix

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53402646%2fapache-wamp-refusing-https-connections%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

Solved. Of course the reason was a silly mistake - port 443 was not opened in my router :)

answered Nov 21 '18 at 9:49

vix

add a comment |

Solved. Of course the reason was a silly mistake - port 443 was not opened in my router :)

answered Nov 21 '18 at 9:49

vix

add a comment |

Solved. Of course the reason was a silly mistake - port 443 was not opened in my router :)

answered Nov 21 '18 at 9:49

vix

Solved. Of course the reason was a silly mistake - port 443 was not opened in my router :)

answered Nov 21 '18 at 9:49

vix

answered Nov 21 '18 at 9:49

vix

answered Nov 21 '18 at 9:49

vix

answered Nov 21 '18 at 9:49

vix

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Argthtjtr