uwsgi doesn't listen on SSL port

We recently upgraded to 20.09. Configuring galaxy to listen on a port using SSL.

Everything works OK on non-ssl ports. But of course we can’t put that into production.

I am following this guide:

That document is pointed to by a discussion on configuring uwsgi without
a proxy server here: https://biostar.galaxyproject.org/p/27838/

Galaxy reports:
Starting server in PID 8037.
serving on https://127.0.0.1:8443
serving on http://127.0.0.1:8888

mfricke@taos:~[]$ sudo lsof -i -P -n | grep :8888
uwsgi      8037   galaxy    4u  IPv4 109301279      0t0  TCP
127.0.0.1:8888 (LISTEN)
uwsgi      8104   galaxy    4u  IPv4 109301279      0t0  TCP
127.0.0.1:8888 (LISTEN)

mfricke@taos:~[]$ sudo lsof -i -P -n | grep :8443

mfricke@taos:~[]$

Galaxy has permissions to read the SSL certs:

-bash-4.2$ ls -lah /opt/galaxy/20.09/ssl/
rw-r--r--  1 galaxy galaxy-admin 1.7K Nov 25 08:24 alliance-wildcard.key
-rw-r--r--  1 galaxy galaxy-admin 2.4K Nov 25 08:24
alliance-wildcard-public.crt

and in galaxy.yaml

http: 127.0.0.1:8888
https: 127.0.0.1:8443,/opt/galaxy/20.09/ssl/alliance-wildcard-public.crt,/opt/galaxy/20.09/ssl/alliance-wildcard.key
http-to-https: =0

I also added a debug statement to make sure the parameters were being
passed down to the libraries:

galaxy.web_stack DEBUG 2020-12-02 10:40:41,885 [p:7467,w:1,m:0]
[MainThread] Calling postfork function: <function postfork_setup at
0x7f8a68952158>
VAL++++++++++++++
127.0.0.1:8443,/opt/galaxy/20.09/ssl/alliance-wildcard-public.crt,/opt/galaxy/20.09/ssl/alliance-wildcard.key
VAL++++++++++++++ 127.0.0.1:8888
galaxy.web_stack INFO 2020-12-02 10:40:41,885 [p:7467,w:1,m:0]
[MainThread] Galaxy server instance 'main.web.1' is running

These are the same certificates we use on our other web services so they
should be good.

Any help would be appreciated.

All the best,

Matthew