Dec 5, 2025

How to Fix Apache Connection Refused on Debian 11

The Root Cause

“Apache Connection Refused” on Debian 11 primarily indicates that the Apache2 service is either not running on the expected port or a firewall is blocking incoming connections to that port. This often occurs after reboots, configuration changes that prevent Apache from starting correctly, or if ufw (Uncomplicated Firewall) or other network security rules are activated without allowing HTTP/HTTPS traffic.

Quick Fix (CLI)

# 1. Check Apache2 service status
sudo systemctl status apache2

# If Apache2 is inactive (dead) or failed, start it and enable for boot
sudo systemctl start apache2
sudo systemctl enable apache2

# 2. Check Uncomplicated Firewall (UFW) status
sudo ufw status

# If UFW is active and not explicitly allowing Apache, permit the necessary traffic.
# Option A: Allow the 'Apache' application profile (recommended)
sudo ufw allow 'Apache'

# Option B: Explicitly allow HTTP and HTTPS ports
# sudo ufw allow 80/tcp
# sudo ufw allow 443/tcp

# Reload UFW to apply the new rules
sudo ufw reload

Configuration Check

# Examine Apache's primary port configuration file
sudo nano /etc/apache2/ports.conf

# Ensure 'Listen 80' is present and uncommented for HTTP.
# If using HTTPS, ensure 'Listen 443' is also present and uncommented within its respective IfModule block.
# Example snippet:
# Listen 80
# <IfModule ssl_module>
#     Listen 443
# </IfModule>
# <IfModule mod_gnutls.c>
#     Listen 443
# </IfModule>

# Review virtual host configurations for specific IP bindings that might be incorrect
# For example, check the default virtual host:
# sudo nano /etc/apache2/sites-available/000-default.conf
# Ensure 'VirtualHost *:80' is used unless you specifically intend to bind to a particular IP address.
# A misconfigured IP here (e.g., binding to an IP that doesn't exist) can prevent Apache from starting.

# Check Apache error logs for detailed startup failures or binding issues
sudo tail -f /var/log/apache2/error.log
# Look for messages like 'AH00072: make_sock: could not bind to address' or other critical errors.

# After any configuration changes, always restart Apache to apply them
sudo systemctl restart apache2

Verification

# Confirm the Apache2 service is now running without errors
sudo systemctl status apache2

# From the server itself, use curl to test connectivity to localhost
curl -I http://localhost

# From a client machine (your workstation), attempt to access the server via its IP address or domain name
# curl -I http://YOUR_SERVER_IP_OR_HOSTNAME
# or open http://YOUR_SERVER_IP_OR_HOSTNAME in a web browser