SSL times out for one subdomain; http still works

Operating System & Version
CentOS 7.8
cPanel & WHM Version
11.9.0.5

Justin Folvarcik

Registered
Sep 7, 2020
4
0
1
United States
cPanel Access Level
Root Administrator
Hello, there. I recently became an admin for a server managed via cPanel/WHM which contains several subdomains, all of which run on their own IPs. All of them except for one have SSL operating flawlessly. This one particular subdomain accepts HTTP connections without issue, but HTTPS will just time out. I even confirmed this via curl, and for good measure, I used the SSL Checker on here, which (after hanging for some time) reported that it could find no SSL certificates on the server. This doesn't make sense to me because I can clearly see the certificates installed in the WHM/cPanel.
At first, I suspected that maybe the port wasn't being listened to by Apache, but everything I've checked so far shows that Apache's vhost does indeed listen on 443 for that domain. I've since tried checking the firewalls, but I can't imagine that a firewall could disallow connections to port 443 for just that one subdomain, nor can I find anything else strange. I decided to even look at Apache's httpd.conf to see if I could figure out if I had an incorrectly configured cert, but I wasn't able to make much sense of that, either, since all listed certs in that file don't even list a keyfile (with the exception of the key/cert pair for the actual cPanel/WHM near the bottom). I was also confused by this:
Code:
  # To customize this VirtualHost use an include file at the following location
  # Include "/etc/apache2/conf.d/userdata/ssl/2_4/(user)/(domain)/*.conf"
Since the "userdata" directory doesn't even exist under /etc/apache2/conf.d/. Am I meant to create that manually if I want to customize it? Maybe I'm wasting time looking there?

I'm very new to using cPanel/WHM, and I'm just not sure where I should go next to check. Maybe there's more intensive firewall checking I can do? Maybe I could try exploring some custom vhost overrides? I've exhausted just about everything I can think of so far, so I would certainly appreciate some assistance.

Thanks in advance.
 

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
Is the SSL a purchased one, or one installed using WHM and free?

Have you tried to delete and reinstall it?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
When you go to cPanel >> Security >> SSL/TLS >> Certificates and click the link below, do you see the certificates there as well? Furthermore, can you show me the error when you send the curl request? Something like:

Code:
curl -vvI https://domain.tld
would be sufficient, just ensure you remove any actual domain names or IP addresses.
 

Justin Folvarcik

> Is the SSL a purchased one, or one installed using WHM and free?

It's a free one installed via either the WHM or the cPanel, and "cPanel" is listed as the issuer.

> Have you tried to delete and reinstall it?

Yes, but unfortunately it didn't make a difference.

> When you go to cPanel >> Security >> SSL/TLS >> Certificates and click the link below, do you see the certificates there as well? Furthermore, can you show me the error when you send the curl request? Something like:
>
> Code:
> curl -vvI https://domain.tld
> would be sufficient, just ensure you remove any actual domain names or IP addresses.
Sure, here's the curl.

Code:
curl -vvI https://(domain)
* Rebuilt URL to: https://(domain)/
*   Trying (IP)...
* TCP_NODELAY set
* connect to (IP) port 443 failed: Connection timed out
* Failed to connect to (domain) port 443: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to (domain) port 443: Connection timed out
And in the SSL/TLS section of the cPanel, I can clearly see the cert listed for that domain. The matching keyfile is also there.
 

cPanelLauren

I don't think this is an issue with your site; it seems more so to be an issue with the port. For example, if I query a site that doesn't have an SSL but does have a self-signed SSL, it will bring up the contents of the self-signed SSL rather than time out on the connection. Do other sites on your server accept connections over 443, or do you have any sites that work over https? Even if the domain doesn't have an SSL VirtualHost, Apache's default behavior is to load the first site in the configuration on that IP with an SSL, so you wouldn't encounter a timeout.
 

Justin Folvarcik

> I don't think this is an issue with your site; it seems more so to be an issue with the port. For example, if I query a site that doesn't have an SSL but does have a self-signed SSL, it will bring up the contents of the self-signed SSL rather than time out on the connection. Do other sites on your server accept connections over 443, or do you have any sites that work over https? Even if the domain doesn't have an SSL VirtualHost, Apache's default behavior is to load the first site in the configuration on that IP with an SSL, so you wouldn't encounter a timeout.
There are two other sites that run on this server, and both of them do accept HTTPS over 443, though they do have different domain names. I think you're definitely right that the issue is with the port, but I'm not sure how to go about checking this further. What would you recommend?
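
An added example, not part of the thread or of cPanel's tooling: one way to separate the port-level failure discussed above from a certificate failure is to classify the `curl -v` output by the furthest stage reached, then check `ss -ltn` output for a socket covering that IP on 443. The function names, IP addresses and hostnames are assumptions, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example. IPs and hostnames below are constructed (RFC 5737 range).

# classify_curl_log: read `curl -v` output on stdin, print the furthest stage
# reached. The last matching line wins, so a retry on a second address counts.
classify_curl_log() {
    awk '
        /Connection timed out/    { stage = "tcp-timeout" }
        /Connection refused/      { stage = "tcp-refused" }
        /Connected to /           { stage = "tcp-ok" }
        /SSL certificate problem/ { stage = "tls-cert-error" }
        /SSL connection using/    { stage = "tls-ok" }
        END { print (stage == "" ? "unknown" : stage) }
    '
}

# has_listener IP PORT: read `ss -ltn` output on stdin; succeed if a listening
# socket covers IP:PORT directly or through a wildcard bind. Older ss prints
# wildcards as *:443 and :::443, newer as 0.0.0.0:443 and [::]:443.
has_listener() {
    awk -v ip="$1" -v port="$2" '
        $1 == "LISTEN" {
            local_addr = $4
            if (local_addr == (ip ":" port) || local_addr == ("*:" port) ||
                local_addr == ("0.0.0.0:" port) || local_addr == (":::" port) ||
                local_addr == ("[::]:" port)) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the failing request from the thread, with placeholders.
SAMPLE_CURL='*   Trying 192.0.2.10...
* connect to 192.0.2.10 port 443 failed: Connection timed out
curl: (7) Failed to connect to sub.example.test port 443: Connection timed out'

# Constructed sample: `ss -ltn` on a host where Apache binds every address.
SAMPLE_SS='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    *:80                *:*
LISTEN  0      128    *:443               *:*'

stage=$(printf '%s\n' "$SAMPLE_CURL" | classify_curl_log)
if printf '%s\n' "$SAMPLE_SS" | has_listener 192.0.2.10 443; then
    echo "$stage with a listener present: look at packet filtering for that IP"
else
    echo "$stage with no listener: nothing is bound to that IP on 443"
fi
```

On a live host, feed the functions real input with `curl -v https://(domain) 2>&1 | classify_curl_log` and `ss -ltn | has_listener (IP) 443`.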