The browser is not hitting the web server. (Unable to open on https)

My domain

I ran this command: I have followed these steps : to install lets encrypt on my machine, after that ran the following command to restart the tomcat server.
sudo service tomcat8 restart;

It produced this output:
28-Nov-2017 02:35:42.230 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler [“http-nio-443”] Permission denied at Method) at at

To fix the above issue i tried with :

My web server is (include version): Tomcat 8.0

The operating system my web server runs on is (include version):
Amazon ec2 machine Linux: 4.4.23-31.51.amzn1.x86_64

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

check if other process is using 443 port .If not try changing connector port in server.xml .
try adding authbind=yes in /etc/default/tomcat[7/8]

i need to know what combination are you using
tomcat + apache + mod_jk ? . If you are using this , adding ssl parameters with apache wont affect tomcat.

hi gotham,
I have checked port 443, it is not used by any other process. We are using tomcat server, there is no Apache. And we have followed these steps: to configure lets encrypt SSL on our web server running on AWS ec2.

have you tried the above?

also can you please post server.xml config ?

Hi gotham,
server.xml details :

<?xml version='1.0' encoding='utf-8'?>
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
    maxThreads="150" minSpareThreads="4"/>

<!-- A "Connector" represents an endpoint by which requests are received
     and responses are returned. Documentation at :
     Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
     Java AJP  Connector: /docs/config/ajp.html
     APR (HTTP/AJP) Connector: /docs/apr.html
     Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
<Connector port="8080" protocol="HTTP/1.1"
           redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
           port="8080" protocol="HTTP/1.1"
           redirectPort="8443" />
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
     This connector uses the NIO implementation that requires the JSSE
     style configuration. When using the APR/native implementation, the
     OpenSSL style configuration is required as described in the APR/native
     documentation -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

<!--<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
          maxThreads="150" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS"
       keystorePass="whadmin" />--> <!-- commented this by seetha -->
<Connector executor="tomcatThreadPool" port="443" protocol="HTTP/1.1"
   redirectPort="8443" schema="https" secure="true" SSLEnabled="true"/>

  <Connector port="8443" 
URIEncoding="UTF-8" SSLEnabled="true" maxThreads="150" 
scheme="https" secure="true" clientAuth="false" 
sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" 
keystorePass="sometext@123" keyPass="sometext@123" 
keystoreType="JKS" keyAlias="naadiTomcat8"/>

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

<!-- An Engine represents the entry point (within Catalina) that processes
     every request.  The Engine implementation for Tomcat stand alone
     analyzes the HTTP headers included with the request, and passes them
     on to the appropriate Host (virtual host).
     Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
<Engine name="Catalina" defaultHost="localhost">

  <!--For clustering, please take a look at documentation at:
      /docs/cluster-howto.html  (simple how to)
      /docs/config/cluster.html (reference documentation) -->
  <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>

  <!-- Use the LockOutRealm to prevent attempts to guess user passwords
       via a brute-force attack -->
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <!-- This Realm uses the UserDatabase configured in the global JNDI
         resources under the key "UserDatabase".  Any edits
         that are performed against this UserDatabase are immediately
         available for use by the Realm.  -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"

  <Host name="localhost"  appBase="webapps"
        unpackWARs="true" autoDeploy="true">

    <!-- SingleSignOn valve, share authentication between web applications
         Documentation at: /docs/config/valve.html -->
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

    <!-- Access log processes all example.
         Documentation at: /docs/config/valve.html
         Note: The pattern used is equivalent to using pattern="common" -->
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
           prefix="localhost_access_log" suffix=".txt"
           pattern="%h %l %u %t &quot;%r&quot; %s %b" />


Test it with 8443 instead of 443 and try accessing the app with this 8443 .check if its working fine .if its fine , definitely tomcat user cant able to bind with 443 .

open /etc/default/tomcat[version]


authbind=yes [ at the last line ]

save it

sudo apt-get update
sudo apt-get install authbind
touch /etc/authbind/byport/443
chmod 500 /etc/authbind/byport/443
chown tomcat8 /etc/authbind/byport/443

systemctl restart tomcat8.service or service tomcat8 restart


sorry , the above method is for debian/ubuntu . i forgot you are using Amazon linux .

PLease check this link for amazon linux .

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.