Plesk HTTPS Not Working? Fix 502 Bad Gateway and ERR_CONNECTION_REFUSED SSL Errors

Priya

Content Writer & Researcher

Last Updated: 18 June 2026

Plesk HTTPS Not Working? Fix 502 Bad Gateway and ERR_CONNECTION_REFUSED SSL Errors

🖥️

Did a Plesk Update Break HTTPS on All Your Sites?

CloudHouse engineers can restore HTTPS across your entire Plesk server in under an hour — diagnosing Apache SSL module failures, nginx proxy misconfigurations, and certificate issues remotely without downtime to your HTTP traffic.

🔧 Book Free Diagnosis Call Now WhatsApp

🖥️12,400+PCs Fixed

⭐4.9★Google Rating

⚡<15 minAvg. Response

🛡️ISO 27001Certified

If all websites on your Plesk server suddenly stopped loading over HTTPS while HTTP still works, you are almost certainly looking at a corrupted or missing Apache SSL module configuration. This typically happens after a Plesk update, an OS package upgrade, or a plesk repair run that does not complete cleanly. This guide covers every fix for Plesk HTTPS errors including 502 Bad Gateway, ERR_CONNECTION_REFUSED, and SSL handshake failures — with exact commands for both RHEL/CentOS and Debian/Ubuntu servers.

Understanding Why Plesk HTTPS Fails on All Sites Simultaneously

When a single site stops working over HTTPS in Plesk, the cause is usually a certificate problem specific to that domain. But when all sites fail at once, the root cause is almost always at the web server level, not the certificate level.

In Plesk's dual-stack setup (nginx as reverse proxy in front of Apache), HTTPS traffic flows like this:

Client → nginx (port 443, terminates SSL) → Apache (port 7081, internal) → PHP/content

If Apache is not listening on port 7081 with SSL enabled, nginx cannot proxy HTTPS requests to it, resulting in 502 Bad Gateway or ERR_CONNECTION_REFUSED for every domain on the server.

If nginx is disabled (Apache-only mode), Apache must listen directly on port 443. If the Apache SSL module is not loaded, all HTTPS connections fail immediately.

Step 1: Confirm the Error and Identify the Stack

Before running any fixes, confirm exactly what is failing.

Check if Apache is listening on SSL ports:

ss -tlnp | grep -E '7081|443'
# With nginx+Apache: should see 7081 (Apache) and 443 (nginx)
# Apache-only: should see 443 (Apache)

If port 7081 or 443 shows nothing for Apache, the SSL module is not loaded.

Check Apache error logs:

# CentOS/RHEL
tail -50 /var/log/httpd/error_log

# Debian/Ubuntu  
tail -50 /var/log/apache2/error.log

Look for messages like:

Invalid command 'SSLEngine' — mod_ssl not loaded
Cannot load modules/mod_ssl.so — SSL module binary missing
AH00526: Syntax error on line N of /etc/httpd/conf.d/ssl.conf — corrupted ssl.conf

Check nginx error logs (if nginx is enabled):

tail -50 /var/log/nginx/error.log

Look for connect() failed (111: Connection refused) pointing to 127.0.0.1:7081 — this confirms nginx cannot reach Apache on the SSL port.

💡 None of these worked? Skip the guesswork.

Get Expert Help →

Step 2: Fix on CentOS / RHEL / AlmaLinux / Rocky Linux

The most reliable fix on RPM-based systems is to reinstall mod_ssl and then run plesk repair web.

1Reinstall mod_ssl

yum reinstall mod_ssl -y

This restores the SSL module binary and the default /etc/httpd/conf.d/ssl.conf if either was corrupted or deleted during an OS update.

2Run plesk repair web

plesk repair web -y

This rebuilds all Apache and nginx vhost configuration files for every domain on the server — including the SSL listener entries — and then restarts both web servers.

3Verify Apache is listening on 7081

ss -tlnp | grep 7081

If you see Apache listening, test a domain immediately:

curl -Ik https://yourdomain.com

1Check if the SSL module is enabled

apache2ctl -M | grep ssl

If the output is empty, the SSL module is disabled.

2Enable mod_ssl and restart Apache

a2enmod ssl
systemctl restart apache2

If the symlinks in /etc/apache2/mods-enabled/ are missing, create them manually:

ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf
ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/ssl.load
systemctl restart apache2

3Run plesk repair web

plesk repair web -y

This step is important even after enabling mod_ssl — it regenerates Plesk's SSL vhost configurations which control which certificate each domain uses.

1Check the domain's SSL/TLS settings in Plesk

Go to Plesk > Domains > yourdomain.com > Hosting Settings. Ensure SSL/TLS support is checked. If it was accidentally unchecked during the outage, enabling it here triggers a vhost rebuild for that domain.

2Verify the certificate is valid and assigned

Go to Plesk > Domains > yourdomain.com > SSL/TLS Certificates. Confirm a certificate is selected and not expired. If Let's Encrypt, click Renew to force a fresh issuance.

3Rebuild vhost for a single domain

plesk repair web -domains-only yourdomain.com

4Test with openssl s_client (not just a browser)

openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2>/dev/null | openssl x509 -noout -dates -subject

This bypasses browser caching and shows exactly which certificate the server is presenting, plus its expiry date.

Step 6: Verify the Fix Across All Domains

After the repair, run a quick bulk check to confirm all domains are responding on HTTPS:

for domain in $(plesk bin domain --list); do
  code=$(curl -sk -o /dev/null -w "%{http_code}" "https://$domain")
  echo "$code $domain"
done

Any domain returning 000 (connection refused) or 502 still needs attention — check its individual Hosting Settings and certificate assignment in Plesk.

For a comprehensive SSL quality check, run your primary domain through SSL Labs (ssllabs.com/ssltest) after the fix to confirm the certificate chain is complete, TLS 1.2+ is negotiated, and no old cipher suites are exposed.

If your Plesk server keeps losing HTTPS after updates or you need help diagnosing recurring SSL configuration issues, CloudHouse's managed server team provides emergency Plesk support with guaranteed response times.

Get the Free Linux Server Admin Cheatsheet (PDF)

Essential commands for server management, networking, and troubleshooting — all on one printable page.

Running Linux servers? Let us manage them for you.

Our Managed Linux Server plans cover updates, security hardening, monitoring, and 24/7 incident response — so your servers stay up and your team stays focused.

Proactive OS patching and security updates
24×7 monitoring with instant alerting
Backup configuration and disaster recovery
Dedicated Linux engineers on call

See Pricing Plans →

What our customers say

“Our production server went down at 2 AM. CloudHouse had it back online in under 20 minutes. Incredible response time.”

Arun S.

CTO, SaaS Startup

“They migrated our entire infrastructure from Ubuntu 18 to 22 with zero downtime. Couldn't have asked for better.”

Deepak N.

DevOps Lead

Frequently Asked Questions

When every site fails over HTTPS simultaneously while HTTP still works, the cause is almost always at the web server level rather than a certificate issue. In Plesk's default nginx+Apache stack, Apache must listen on port 7081 with SSL enabled. If the Apache mod_ssl module is missing or corrupted — typically after an OS update or yum/apt upgrade — Apache stops listening on the SSL port and nginx cannot proxy HTTPS traffic to it, causing 502 Bad Gateway for every domain on the server.

Book your free 15-minute diagnosis

A certified technician will call you back within 15 minutes during business hours.

Share this article

Comments (0)

Loading comments...