ERR_EMPTY_RESPONSE: The Server Sent Nothing
ERR_EMPTY_RESPONSE means the server accepted the TCP connection but closed it without sending an HTTP response. Typical for PHP-FPM/Apache crashes, nginx timeouts toward the upstream, or OOM kills. Causes: backend died, worker_connections exhausted, DB query hung. Fix: check backend logs, nginx error_log, systemctl status, raise PHP memory_limit.
This error blocks HTTPS access. Below: causes, fixes, working config, FAQ.
Common Causes
- PHP-FPM/Apache worker crash or segfault
- nginx upstream timeout — backend did not answer in time
- OOM killer killed the PHP/worker
- DB connection pool exhausted — request waits and server drops connection
- Backend infinitely returns 499 (client closed) in a redirect loop
- Cloudflare Error 520 (server returns empty reply)
Step-by-Step Fix
- Check
tail -f /var/log/nginx/error.log— look for "upstream prematurely closed" or "recv() failed" - PHP-FPM logs:
tail -f /var/log/php8.x-fpm.log— look for "child exited on signal" or OOM - Raise memory_limit:
php_admin_value[memory_limit] = 512M - Check status:
systemctl status php-fpm nginx— all running? - Monitor uptime via Enterno Monitor — instant flap alerts
- On Cloudflare — test origin:
curl -H "Host: example.com" https://IP/
Example: Proper nginx TLS config
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
}Related SSL Errors
Why teams trust us
How it works
Enter domain
TLS chain verified
Expiry date & vulnerabilities
What Does the SSL Check Cover?
SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.
Certificate Details
Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).
Chain of Trust
Full chain verification: from leaf certificate through intermediates to root CA.
TLS Analysis
Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.
Expiry Alerts
Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.
DV vs OV vs EV Certificates
- Confirms domain ownership only
- Issued in minutes automatically
- Free via Let's Encrypt
- Suitable for most websites
- Most common certificate type
- Organization (OV) or Extended Validation (EV)
- Issued in 1-5 business days
- Costs $50 to $500/year
- For finance, e-commerce, government sites
- Increases user trust
Who uses this
DevOps
SSL certificate monitoring
Security
TLS config audit
SEO
HTTPS as ranking factor
E-commerce
customer trust
Common Mistakes
www and subdomains.Best Practices
Strict-Transport-Security header forces browsers to always use HTTPS.Get more with a free account
SSL certificate monitoring, check history and alerts 30 days before expiry.
Sign up freeLearn more
How-to
Frequently Asked Questions
How is it different from ERR_CONNECTION_REFUSED?
Refused — TCP connect failed (no listener). Empty — connection established but reply is empty. The cause is deeper: the worker died after accept().
Only happens on POST requests — why?
Large POST bodies exceed nginx <code>client_max_body_size</code> or PHP <code>post_max_size</code>. PHP-FPM rejects, nginx drops the connection → empty response.
How can I catch the exact moment of failure?
Enable nginx <code>access_log</code> with <code>$upstream_response_time</code> and <code>$upstream_status</code>. An empty upstream_status with a timestamp is the moment.
Does restarting help?
Temporarily, yes. The problem returns. Find the root cause in the logs.