Articles in this section

All websites hosted in Plesk are not accessible over HTTPS: 502 Bad Gateway or ERR_CONNECTION_REFUSED

Kuzma Ivanov
Updated
Plesk for Linux kb: technical ABT: Group A

Applicable to:

  • Plesk for Linux

Symptoms

  • Websites hosted in Plesk that are configured to be served by Apache are loading fine over HTTP, but display an error that is similar to the following in browsers when opened via HTTPS:

    CONFIG_TEXT: 502 Bad Gateway nginx

    CONFIG_TEXT: ERR_CONNECTION_REFUSED

  • The following error message appears at Domains > example.com > Dashboard > Logs or in the domain's /var/www/vhosts/system/example.com/logs/proxy_error_log:

    CONFIG_TEXT: connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.2, server: example.com, request: "GET / HTTP/2.0", upstream: "https://192.0.2.2:7081/", host: "example.com"

Cause

The ssl.conf file that has ssl_module configuration is either corrupted or not included into Apache configuration. As a result Apache is not listening on port 7081 (when nginx is enabled in Tools & Settings > Services Management) or 443 port (when nginx is disabled in Tools & Settings > Services Management) and therefore cannot handle any incoming HTTPS connections:

  • on CentOS/RHEL-based distributions

    # netstat -tunap | grep httpd
    tcp    0    0 0.0.0.0:7080    0.0.0.0:*    LISTEN    2647/httpd

  • on Debian/Ubuntu-based distributions

    # netstat -tunap | grep apache
    tcp6    0    0    :::7080    :::*    LISTEN    763/apache2

Resolution

Restore the ssl.conf file and make sure it is loaded:

For RHEL-based Linux operating systems

 

  1. Connect to your Plesk server via SSH.

  2. Make sure that the conf.d directory is included in Apache configuration:

    # grep IncludeOptional /etc/httpd/conf/httpd.conf
    IncludeOptional conf.d/*.conf

    If no output is returned or the line has a hash sign "#" at the beginning, open the file /etc/httpd/conf/httpd.conf in any text editor (for example, vi editor) and add/uncomment the mentioned line.

  3. Verify that nginx is enabled:

    # plesk sbin nginxmng --status
    Enabled

    If it is disabled, enable it:

    # plesk sbin nginxmng --enable

  4. Restore the default ssl.conf file:

    3.1. Download the file for your OS and unzip it:

    • CentOS / RHEL / CloudLinux 8 and 9

      # wget https://cpanel.zendesk.com/hc/article_attachments/12377382019607 -O ssl_conf_8.zip

      # unzip ssl_conf_8.zip

    • CentOS / RHEL / CloudLinux 7

      # wget https://cpanel.zendesk.com/hc/article_attachments/12377433751447 -O ssl_conf_7.zip

      # unzip ssl_conf_7.zip

    3.2. Rename the original file, if exists:

    # mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.old

    3.3. Put the file in the conf.d directory:

    # mv ssl.conf /etc/httpd/conf.d/

  5. Restore SELinux context of the file:

    # restorecon /etc/httpd/conf.d/ssl.conf

  6. Restart Apache:

    # service httpd restart

  7. Verify that Apache is now listening on port 7081:

    # netstat -tunap | grep httpd
    tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN 17817/httpd
    tcp 0 0 0.0.0.0:7081 0.0.0.0:* LISTEN 17817/httpd

For Debian-based Linux operating systems

 

  1. Connect to your Plesk server via SSH.

  2. Verify that nginx is enabled:

    # plesk sbin nginxmng --status
    Enabled

    If it is disabled, enable it:

    # plesk sbin nginxmng --enable

  3. Create two symbolic links:

    # ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf
    # ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/ssl.load

  4. Restart Apache:

    # service apache2 restart

  5. Verify that Apache is now listening on port 7081:

    # netstat -tunap | grep apache
    tcp6 0 0 :::7080:::* LISTEN 2462/apache2
    tcp6 0 0 :::7081:::* LISTEN 2462/apache2

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.