Popular browsers like Google Chrome, Mozilla Firefox, etc need SSL for websites.
Therefore, website owners have to migrate their websites from HTTP to HTTPS.
Often wrong migration steps result in an Nginx SSL connection refused error.
At Bobcares, we help customers in setting up Nginx SSL as a part of our Server Management Services.
Today let’s have a deep check on this error and the way our Support Engineers fix it.
What is the Nginx SSL connection refused error?
Have a vague idea about the error? Let’s make it clear.
As we all know, the Hypertext Transport Protocol aka HTTP fetch pages from the server and display on the browser.
HTTP/2 is the new version of the HTTP protocol and offers high transfer speed.
However, due to security reasons, popular browsers discard older protocols and only support HTTP/2 for HTTPS connections.
Usually, the default listening port in the Nginx server is the standard HTTP port 80. But HTTP/2 only supports HTTPS connections, that require port 443 open in the server.
Therefore when the server does not listen to 443, it shows connection refused error.
How do we fix the error?
Usually, the fix for SSL connection refused error involves opening port 443 in the Nginx configuration file. Let’s see how our Support Engineers provide an appropriate fix to this problem.
Firstly, we check the status of port 443 in the server using the netstat command,
netstat -plan | grep :443
On finding it closed, we open the port 443 in the firewall. Here again, different firewalls follow different commands to open a port.
For instance, to open port 443 in iptables, we use the command:
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Similarly, in the CentOS server, to open port in firewalld, we use,
firewall-cmd --permanent --zone=public --add-port=443/tcp
Next, we edit the Nginx configuration file /etc/nginx/nginx.conf and add,
listen 443 ssl http/2 default_server; listen [::]:80 default_server;
It will add 443 as the listening port in the Nginx server and thus enables HTTPS connections.
Finally, when Nginx listens on port 443, it looks like,
[root@xxx ~]# netstat -lpan | grep :443 tcp 0 0 1xx.2x.111.23:443 0.0.0.0:* LISTEN 11978/nginx tcp 0 0 1xx.2x.111.22:443 0.0.0.0:* LISTEN 11978/nginx tcp 0 0 1xx.2x.111.19:443 0.0.0.0:* LISTEN 11978/nginx
[Still stuck with Nginx SSL errors? We can solve it in a jiffy.]
In short, the Nginx SSL connection refused error mainly occur due to Nginx’s misconfigurations. Today’s write-up showed how our Support Engineers fix the SSL connection refused error in Nginx servers.