Port 443
HTTPS - Secure HTTP over TLS/SSL
Port 443: HTTPS Secure Web Traffic
| Protocol | TCP |
| Service | HTTPS (Secure Web) |
| Encrypted | Yes (TLS) |
| IANA Status | Official |
What is Port 443?
Port 443 is the default port for HTTPS (HTTP Secure) traffic. It uses TLS (Transport Layer Security) to encrypt all data between the client and server, protecting against eavesdropping and tampering.
Why Use HTTPS?
- Encryption: All data is encrypted in transit
- Authentication: Certificates verify server identity
- Integrity: Data cannot be modified in transit
- SEO: Google ranks HTTPS sites higher
- Browser requirements: Many APIs require secure context
TLS Versions
| Version | Status |
|---|---|
| TLS 1.3 | Recommended |
| TLS 1.2 | Secure |
| TLS 1.1 | Deprecated |
| TLS 1.0 | Insecure |
Server Configuration
Nginx with Let's Encrypt
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
# HSTS
add_header Strict-Transport-Security "max-age=63072000" always;
}Get a Free SSL Certificate
# Install certbot
sudo apt install certbot python3-certbot-nginx
# Get certificate
sudo certbot --nginx -d example.com -d www.example.com
# Auto-renewal is configured automatically
sudo certbot renew --dry-runTroubleshooting
# Test SSL connection
openssl s_client -connect example.com:443
# Check certificate expiry
echo | openssl s_client -connect example.com:443 2>/dev/null | \
openssl x509 -noout -dates
# Test TLS version support
openssl s_client -connect example.com:443 -tls1_3
# Check what's listening on 443
sudo lsof -i :443Common Issues
- Certificate expired: Renew with
certbot renew - Mixed content: Resources loaded over HTTP on HTTPS page
- Port blocked: Check firewall allows 443/tcp
- Certificate mismatch: Wrong domain in certificate
How to Check if Port 443 is Open
Use these commands to verify HTTPS connectivity and inspect SSL/TLS certificates.
# From a remote machine — test connectivity
nc -zv example.com 443 # Netcat
curl -vI https://example.com # Verbose HTTPS headers
nmap -p 443 --script ssl-enum-ciphers example.com
# Test SSL/TLS connection and view certificate
openssl s_client -connect example.com:443
# Check certificate expiry date
echo | openssl s_client -connect example.com:443 2>/dev/null | \
openssl x509 -noout -dates
# On the server — check what's listening
sudo ss -tlnp | grep :443
sudo lsof -i :443
# Check firewall rules
sudo ufw status | grep 443HSTS and Security Headers
Once HTTPS is working on port 443, strengthen your security with these HTTP headers.
# Nginx security headers for HTTPS
server {
listen 443 ssl http2;
# HSTS — tell browsers to always use HTTPS
add_header Strict-Transport-Security
"max-age=63072000; includeSubDomains; preload" always;
# Prevent clickjacking
add_header X-Frame-Options "SAMEORIGIN" always;
# Prevent MIME type sniffing
add_header X-Content-Type-Options "nosniff" always;
# Content Security Policy
add_header Content-Security-Policy
"default-src 'self'; script-src 'self'" always;
}Monitoring HTTPS with UptimeSignal
An expired SSL certificate on port 443 causes browsers to show a security warning, driving away visitors. UptimeSignal monitors your HTTPS endpoints and alerts you before certificates expire. Use our free SSL Checker to inspect your current certificate. Pair it with monitoring on port 80 to ensure your HTTP-to-HTTPS redirect is working.
Frequently Asked Questions
What runs on port 443?
Port 443 is the default port for HTTPS, which is HTTP encrypted with TLS (Transport Layer Security). Every modern website, API endpoint, and web application uses port 443 to serve encrypted traffic. Web servers like Nginx, Apache, and Caddy listen on this port with an SSL/TLS certificate to protect data in transit.
What is the difference between port 80 and port 443?
Port 80 serves unencrypted HTTP traffic that anyone on the network can intercept. Port 443 serves HTTPS traffic encrypted with TLS, protecting passwords, cookies, API keys, and personal data. Modern best practice redirects all port 80 traffic to port 443. Google ranks HTTPS sites higher, and browsers show "Not Secure" warnings for HTTP pages.
How do I get a free SSL certificate for port 443?
Let's Encrypt provides free certificates. Install certbot (
sudo apt install certbot python3-certbot-nginx) and run sudo certbot --nginx -d yourdomain.com. It configures your server and sets up auto-renewal. Cloudflare, AWS Certificate Manager, and ZeroSSL also offer free certificates. Use our SSL Checker to verify your certificate.
Why is my HTTPS connection on port 443 not working?
Common causes: expired SSL certificate, firewall blocking port 443, certificate domain name mismatch, missing intermediate certificates in the chain, web server not listening on port 443, or TLS version incompatibility. Debug with
openssl s_client -connect hostname:443. Check our SSL error guide for detailed troubleshooting steps.
Which TLS version should I use on port 443?
Use TLS 1.3 (recommended) and TLS 1.2 (still secure). Disable TLS 1.1 and TLS 1.0, which have known vulnerabilities. In Nginx:
ssl_protocols TLSv1.2 TLSv1.3;. TLS 1.3 is faster (one fewer round-trip in handshake) and more secure. All modern browsers support TLS 1.2+.