Can't clone ssh after converting domain from HTTP to HTTPS

I’ve been hosting an EE instance on AWS EC2 for months, and everything has been great. Recently I moved to putting the instance behind a load balancer so that I can access it via HTTPS. The load balancer is listening to port 443, and forwarding the request on port 80 to the EC2 instance.

I can access the site behind TLS ( But cloning gives “Connection refused” error:

ben ~/tmp $ git clone
Cloning into 'example'...
ssh: connect to host port 22: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I’ve removed all old SSH keys in GitLab and added my ~/.ssh/ file to my account’s SSH keys.

I’ve enabled these settings in my gitlab.rb:

nginx['listen_port'] = 80

nginx['listen_https'] = false

nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"

Anyone have any tips why I might be getting Connection refused after moving from HTTP to HTTPS?

Edit: After posting this question I had the idea to try and do an clone directly to the server, which worked as expected.

git clone
    Cloning into 'example'...
    remote: Counting objects: 117, done.
    remote: Compressing objects: 100% (52/52), done.
    remote: Total 117 (delta 19), reused 0 (delta 0)
    Receiving objects: 100% (117/117), 14.02 KiB | 3.50 MiB/s, done.
    Resolving deltas: 100% (19/19), done.

But I’m still confused why using the DNS behind an ELB forwarding to port 80 isn’t working.

Hi Benjman,

I guess in your former deployment your EE instance was accessible directly via the FQDN?! Your clone statement is using SSH what has nothing todo with HTTP(S) transfer protocol.

  1. Try to test clone over HTTPS to verify that it work.
  2. For SSH clone you must configure the load balancer to listen on port 22 and redirect the traffic to the EE instance.

Good luck!


If I understand your setup correctly, your load balancer is an entirely different machine with a totally different IP. The DNS no longer points directly to your EC2.

Digging your host:image

And your EC2:

@nightman86 has the right idea, the correct thing to do is poke port 22 through the load balancer as well.

1 Like


You are using git@git means ssh port 22 and obviously it will result in refusal. You need to configure the machine to use port 22 for gitlab ssh(which u already have I think). And then configure the load balancer to listen on port 22 as well and forward it to the machine port 22.

Otherwise use git clone https:://…
If u don’t want to configure ssh in load balancer.

1 Like