Cannot connect to website with https

Hi,
I'm building a system using "the perfect server Centos 7 - NGINX, Dovecot, postfix, mysql, ispconfig3...."
The problem is that I cannot get to my website to work with https. I does work with http.
I can reach Ispcinfig3 and phpMyAdmin with https but the host website gives me an "unable to connect."
I've checked ispconfig.vhost and it has ssl enabled:
ispconfig.vhost: ssl on;
ispconfig.vhost: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ispconfig.vhost: ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
ispconfig.vhost: ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;

But it is not enabled for the website.
The SSL checkbox is checked for the domain.
I've tried deleting and recreating the certificate in ispconfig3 without any luck.
I know if I put it in manually, it will get overwritten the next time I make a change.
Are there any ideas to get this working.
Thanks.

 

Thanks Till,
i'm using nginx.
I did: # iptables -A INPUT -p tcp --dport 443 -j ACCEPT

But: # iptables -L "shows nothing"
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:https

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

# netstat -tap| grep 443 - "show no output"
# netstat -tap | grep -i http
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 2971/nginx: master
tcp6 0 0 [::]:http [::]:* LISTEN 2971/nginx: master
tcp6 0 0 localhost:http localhost:49513 TIME_WAIT -

I am sitting behind a router so add deleted the port forwarding on 443 and re-added it. Port 80 works because I can get to my site with http.

I checked SELINUX
SELINUX=disabled

MyDomain in /etc/nginx/sites-available/mydomain.com.vhost does not have two sections.
Here is my nginx directive (I'm also setting up owncloud) for MyDomain.com:
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}

server {
listen 80;
server_name MyDomain.com;
# enforce https
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name MyDomain.com;

ssl_certificate /var/www/clients/client1/web5/ssl/MyDomain.com.crt;
ssl_certificate_key /var/www/clients/client1/web5/ssl/MyDomain.com.key;

# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;

# Path to the root of your installation
root /var/www/clients/client1/web5/web/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}

location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

try_files $uri $uri/ /index.php;
}

location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}

# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}
}

Out of desperation I even rebooted the box.
Do you have any other ideas?
Thanks

 

Let me point out that after doing some research I found I did not have a firewall record for the server.
I added a FW record and included port 443. However, netstat -nap does not show port 443.

 

That's exactly what the problem was. Once I got rid of all the extra info and trimmed it down to just the rewrites, I was able to get in with https. And 443 started showing up with netstat -nap.

The nginx directives came from owncloud.org for an nginx installation. So what I get out of this is that the install must be tailored not just for nginx, but also for ISPconfig3. You can mark this solved.
Thanks again.
Till