🟑 Medium   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: RHEL 10

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution β€” Primary Fix
  7. Solution β€” Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Admins cannot access web console for routine management and diagnostics tasks.

Environment & Reproduction

Occurs after minimal installs, service disablement, or firewall policy changes.

curl -kI https://localhost:9090 ; systemctl status cockpit

Root Cause Analysis

cockpit socket/service not enabled or port 9090 blocked in firewalld.

Quick Triage

Check cockpit package state, socket activation, and firewall rules.

rpm -q cockpit ; systemctl status cockpit.socket ; sudo firewall-cmd --list-services

Step-by-Step Diagnosis

Confirm listener binding and TLS errors in logs.

ss -tulpen | grep 9090 ; sudo journalctl -u cockpit -u cockpit.socket -n 100
Illustrative mockup for rhel-10 β€” cockpit-unreachable-log
cockpit.service inactive and firewall blocked β€” Illustrative mockup β€” Progressive Robot

Solution β€” Primary Fix

Install cockpit, enable socket activation, and allow cockpit service in firewalld.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo dnf install -y cockpit ; sudo systemctl enable --now cockpit.socket ; sudo firewall-cmd --add-service=cockpit --permanent ; sudo firewall-cmd --reload
Illustrative mockup for rhel-10 β€” cockpit-unreachable-fix
Cockpit enabled and accessible β€” Illustrative mockup β€” Progressive Robot

Solution β€” Alternative Approaches

Use SSH tunneling to localhost:9090 when direct inbound access is restricted.

Verification & Acceptance Criteria

HTTPS response on 9090 succeeds and cockpit socket remains active after reboot.

curl -kI https://localhost:9090 ; systemctl is-active cockpit.socket

Rollback Plan

Disable cockpit exposure if not required in hardened environments.

sudo firewall-cmd --remove-service=cockpit --permanent ; sudo firewall-cmd --reload ; sudo systemctl disable --now cockpit.socket

Prevention & Hardening

Restrict cockpit access by source network and enforce MFA-backed privileged accounts.

May coincide with SELinux policy denials or expired web console certificates.

Related tutorial: View the step-by-step tutorial for rhel-10.

View all rhel-10 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

RHEL Cockpit deployment and security hardening documentation.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.