400 Bad Request: “The Plain HTTP Request Was Sent to HTTPS Port”

You are here:
Estimated reading time: 2 min

Overview

In some cases, enabling BitNinja WAF Pro may result in websites returning the following error:

400 Bad Request

The plain HTTP request was sent to HTTPS port

This issue can occur when the SSL Termination component of BitNinja does not shut down properly, leaving stale listener processes running.

In some, even rarer cases, users have reported a different symptom: instead of the 400 error, all hosted domains begin serving the default Plesk SSL certificate rather than their assigned certificates. This causes SSL certificate mismatch warnings across all websites. Although the symptoms differ, the underlying cause appears to be related, and the resolution steps in this guide can be used for both scenarios.

Root Cause

During the startup sequence of WAF Pro, the SSL Termination worker should stop gracefully before new listeners are created by the WAF Pro module.

In certain situations, the existing bitninja-ssl-termination process does not terminate successfully and remains running. As a result, stale listeners may remain bound to internal ports.

Example:

sudo lsof -i -P -n | grep LISTEN

Part of the above command output:

bitninja-ssl-termination ... TCP *:60413 (LISTEN)
bitninja-ssl-termination ... TCP *:60414 (LISTEN)
bitninja-ssl-termination ... TCP 127.0.0.1:61936 (LISTEN)
bitninja-ssl-termination ... TCP *:60415 (LISTEN)
bitninja-ssl-termination ... TCP *:60418 (LISTEN)

These leftover listeners can interfere with normal HTTPS traffic handling and trigger the HTTP-to-HTTPS port mismatch error.

How to Verify

Check the BitNinja /var/log/bitninja/main.log for SSL Termination shutdown messages.

Example:

[info] 2026-06-24 14:55:17 - Initiating graceful shutdown for process [WorkerSslTerminating:189329]
[warn] 2026-06-24 14:55:27 - Process [WorkerSslTerminating:189329] did not stop in time. Sending SIGKILL.

The warning indicates that the SSL Termination worker failed to stop gracefully within the expected timeout period.

Resolution

Option 1 – Restart BitNinja

The recommended solution is to restart BitNinja:

service bitninja restart

After the restart, verify that the websites are accessible and the error is no longer present.

Option 2 – Manually Terminate the Stuck Process

If a full BitNinja restart did not fix the issue, identify the stuck bitninja-ssl-termination process and terminate it manually:

ps aux | grep bitninja-ssl-termination

Then kill the affected process:

kill -9 <PID>

Replace <PID> with the actual process ID.

After terminating the process, verify that the stale listeners have been removed:

sudo lsof -i -P -n | grep LISTEN

Additional Notes

Since BitNinja 3.16.0 relies exclusively on the Caddy-based WAF Pro implementation, the legacy ProxyFilter and SSLTerminating services are no longer part of the supported architecture. As a result, issues related specifically to the old NGINX/HAProxy-based WAF stack are expected to disappear as environments transition fully to the new WAF Pro solution.

Why Was the Legacy WAF Removed?

The decision to retire the previous architecture was made to simplify the traffic processing chain and improve overall reliability and performance.

Benefits of the new WAF Pro architecture include:

  • Improved request processing performance
  • Reduced resource consumption
  • Simpler and more maintainable architecture
  • Fewer moving parts and service dependencies
  • Better SSL/TLS handling
  • Faster deployment and configuration updates
  • Improved long-term maintainability and feature development
Was this article helpful?
It was not helpful
Views: 39