Certbot, apache, https don't work

@zerlpaMMT, then for me it is a firewall/route issue.

Please, paste the output of this command (as root):

iptables --list-rules

Please, when pasting the output of commands here on the forum, paste the output, select the pasted text and click on icon </> so the output won’t be formatted.

Cheers,
sahsanu

1 Like

Indeed your iptables are probably blocking port 443. From the outside you only have two listening ports.

Or the output of `sudo iptables -S`:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 443 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 5443 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 5443 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 80,443 -m comment --comment "'dapp_Nginx%20Full'" -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT

@zerlpaMMT, execute below command:

sudo ufw allow https

1 Like

Thanks @sahsanu, I'm stuck on my mobile right now as it is lightning season here, so I hope you can resolve this.

1 Like

Even though your config is accepting 443, the site is unreachable via 443:

wget http://webapp.zerlauth.net/
--2017-10-02 13:25:47-- http://webapp.zerlauth.net/
Resolving webapp.zerlauth.net (webapp.zerlauth.net)... 185.164.5.222
Connecting to webapp.zerlauth.net (webapp.zerlauth.net)|185.164.5.222|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://webapp.zerlauth.net/ [following]
--2017-10-02 13:25:48-- https://webapp.zerlauth.net/
Connecting to webapp.zerlauth.net (webapp.zerlauth.net)|185.164.5.222|:443... failed: No route to host.
Resolving webapp.zerlauth.net (webapp.zerlauth.net)... 185.164.5.222
Connecting to webapp.zerlauth.net (webapp.zerlauth.net)|185.164.5.222|:443... failed: No route to host.

Are there any other inline devices that could allow/block ports?

This is what is heard responding on port 80:
Apache/2.4.18 (Ubuntu) Server at pimcore.zerlauth.org Port 80

Do you think it is a config problem or a problem of my hoster?

The iptables config doesn't accept connections to 443, well you see these rules...

-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 443 -j ACCEPT

...and you think, great, it allows connections to port 443 but these rules are never reached because there is another rule before these ones rejecting the connection:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

The reason the connections to ports 22 and 80 work is because there are rules allowing them before this REJECT rule on the INPUT chain.

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

@zerlpaMMT So, yes, the problem is the firewall. You can check it easily, remove the reject rule:

sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited

and you would be able to connect to your site on port 443 from the internet.

I don't know what you did with your firewall but I recommend resetting your rules and starting fresh again with your ufw conf.

Good luck.
sahsanu

3 Likes
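The explanation above comes down to first-match evaluation: iptables walks a chain top to bottom and the first terminating target wins, so an ACCEPT that sits after (or in a chain that is never jumped to from) a blanket REJECT is dead code. The following script is an added example, not something posted in the thread or shipped by ufw/iptables. It parses `iptables -S` output into per-chain rule lists, walks the INPUT chain for a constructed TCP SYN to a given port with the same first-match semantics (following jumps into user chains and treating LOG as non-terminating), and reports which rule decided. The embedded dump is the relevant subset of the rules posted earlier in the thread; the `Packet` shape, the `without_rule` helper and the `reachable_chains` check are my own. It also makes a point the dump supports but the thread only implies: nothing in INPUT jumps to `ufw-user-input`, so those 443 rules would be unreachable even without the REJECT line.

```python
"""Added example: first-match walk over an `iptables -S` dump.

Shows why the 443 ACCEPT rules in ufw-user-input never fire: INPUT hits
its blanket REJECT first and never jumps into the ufw chains at all.
"""
import shlex
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: the relevant subset of the `iptables -S` output posted
# in the thread (comment quoting normalised to plain ASCII quotes).
DUMP = """
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ufw-user-input
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 443 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 80,443 -m comment --comment "'dapp_Nginx%20Full'" -j ACCEPT
"""

# The rule sahsanu suggests deleting, spelled exactly as `iptables -S` prints it.
REJECT_RULE = "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Rule:
    chain: str
    text: str
    proto: Optional[str] = None          # -p
    in_iface: Optional[str] = None       # -i
    dport: Optional[int] = None          # --dport
    dports: set = field(default_factory=set)   # -m multiport --dports
    states: set = field(default_factory=set)   # --state / --ctstate
    target: Optional[str] = None         # -j


@dataclass
class Packet:
    """Hypothetical inbound packet: only the fields the rules above look at."""
    proto: str
    dport: int
    state: str = "NEW"
    in_iface: str = "eth0"


def parse_dump(dump: str):
    """Return (policies, chains) from `iptables -S` text. Unknown match
    options (-m limit, --comment, --reject-with ...) are skipped."""
    policies, chains = {}, {}
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            continue
        tok = shlex.split(line)
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
            chains.setdefault(tok[1], [])
        elif tok[0] == "-N":
            chains.setdefault(tok[1], [])
        elif tok[0] == "-A":
            rule, i = Rule(chain=tok[1], text=line), 2
            while i < len(tok):
                t = tok[i]
                if t == "-p":
                    rule.proto = tok[i + 1]; i += 2
                elif t == "-i":
                    rule.in_iface = tok[i + 1]; i += 2
                elif t == "--dport":
                    rule.dport = int(tok[i + 1]); i += 2
                elif t == "--dports":
                    rule.dports = {int(p) for p in tok[i + 1].split(",")}; i += 2
                elif t in ("--state", "--ctstate"):
                    rule.states = set(tok[i + 1].split(",")); i += 2
                elif t == "-j":
                    rule.target = tok[i + 1]; i += 2
                else:
                    i += 1
            chains.setdefault(rule.chain, []).append(rule)
    return policies, chains


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every selector present on the rule must agree with the packet."""
    return not (
        (rule.proto and rule.proto != pkt.proto)
        or (rule.in_iface and rule.in_iface != pkt.in_iface)
        or (rule.dport is not None and rule.dport != pkt.dport)
        or (rule.dports and pkt.dport not in rule.dports)
        or (rule.states and pkt.state not in rule.states)
    )


def evaluate(policies, chains, pkt: Packet, chain: str = "INPUT"):
    """First-match walk. Returns (verdict, deciding rule); verdict is None when
    a user chain falls off its end or RETURNs, so the caller keeps walking."""
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        if rule.target in TERMINAL:
            return rule.target, rule.text
        if rule.target == "RETURN":
            break
        if rule.target in chains:                      # jump into a user chain
            verdict, why = evaluate(policies, chains, pkt, rule.target)
            if verdict is not None:
                return verdict, why
        # LOG and other non-terminating targets: fall through to the next rule
    if chain in policies:                              # built-in chain: policy applies
        return policies[chain], f"policy {chain} {policies[chain]}"
    return None, f"end of chain {chain}"


def reachable_chains(chains, start: str = "INPUT") -> set:
    """Chains that can actually be entered from `start` via -j jumps."""
    seen, todo = set(), [start]
    while todo:
        c = todo.pop()
        if c in seen:
            continue
        seen.add(c)
        todo.extend(r.target for r in chains.get(c, []) if r.target in chains)
    return seen


def without_rule(dump: str, rule_text: str) -> str:
    """Emulate `iptables -D <rule>`: drop the first line equal to rule_text."""
    lines = dump.splitlines()
    lines.remove(rule_text)
    return "\n".join(lines)


def verdict_for_port(dump: str, port: int, proto: str = "tcp"):
    policies, chains = parse_dump(dump)
    return evaluate(policies, chains, Packet(proto, port))


if __name__ == "__main__":
    for port in (22, 80, 443):
        print(port, *verdict_for_port(DUMP, port))
    print("reachable from INPUT:", sorted(reachable_chains(parse_dump(DUMP)[1])))
    print(443, *verdict_for_port(without_rule(DUMP, REJECT_RULE), 443))
```

Run as-is it reports ACCEPT for 22 and 80, REJECT for 443 with the blanket INPUT rule as the deciding line, and ACCEPT via `policy INPUT ACCEPT` once that rule is removed, which is exactly why deleting it "works" while leaving the host effectively unfiltered. The reachability line shows only `INPUT` itself, confirming that the ufw chains are never consulted on this box.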

THANK YOU soooo much, that works perfectly :slight_smile:

1 Like

@zerlpaMMT you are welcome, but keep in mind that if you reboot your server you will have the same problem, because you have the wrong rules defined on ufw. The deletion I suggested is a temporary "fix"; indeed, it's actually like you do not have a firewall at all, because your default policies are ACCEPT.

So as I said you should reset your ufw rules and start a fresh conf.

Cheers,
sahsanu

1 Like

@zerlpaMMT glad you got it working. As @sahsanu said, once you reboot you will probably lose those rules. If you want a basic set of IPv4 and IPv6 rules for running a web server and a guide to making them persistent, let me know.

Yes please, that would be nice.
And thank you all for helping me :blush:
