Apache IBM HTTP Server Setup - HTTP works but not HTTPS

Question

This is my first HTTP server setup. I am configuring the IBM HTTP Server 8.5.5.14 to serve as a reverse proxy for a Rational CLM 6.0.6 implementation that is distributed across several Windows Server 2016 virtual machines.

I have read the work instructions here and have provisioned the SSL certificates. When I modify the httpd.conf file according to the work instructions, the HTTP server doesn't start and the system event viewer logs:

(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:443

I narrowed it down to the guidance in the work instructions that says to add:

Listen 443

When the httpd.conf already has:

Listen 0.0.0.0:443

Note that the work instructions indicate that BOTH listens should be in httpd.conf.

However, when I comment "Listen 443", the server starts and is accessible via HTTP but returns ERR_CONNECTION_CLOSED when accessed via HTTPS.

Any thoughts? Thanks in advance!

Answer 1

Summary:

If that guidance was written for other platforms, or for non-IHS Apache on widdows, just add Listen [::]:443 to your existing Listen 0.0.0.0:443.

Details: You should never use those Listen directives together on any platform as one is a subset of the other and overlapping Listen directives are likely to cause an error (there are some optimizations that allow Apache to silently ignore some specific forms of overlap)

On Windows, the server fails if you use the form of Listen that only includes a port, due to a historical Windows quirk of IBM HTTP Server:

[Thu Feb 07 09:04:14.911188 2019] [core:error] [pid 20912:tid 356] Windows Listen directives should always specify an IPv4 or IPv6 address. e.g. Listen 0.0.0.0:80, or Listen [::]:80. See IHS readme or IHS IPv6 documentation for more details.