The correct command is firewall-cmd --permanent --add-port=8443/tcp && firewall-cmd --reload. This command first makes a permanent change to the firewall rules to allow traffic on port 8443, which is where the web server is now listening for secure traffic, and then reloads the firewall to apply the changes immediately without affecting other services or requiring a system reboot. firewall-cmd --permanent --add-service=https is not correct in this context because the web server is using a non-standard port, not the default port for HTTPS (443). Similarly, firewall-cmd --permanent --zone=public --add-port=443/tcp is incorrect as it opens the default HTTPS port, not the non-standard one in use. iptables -I INPUT -p tcp --dport 8443 -j ACCEPT && service iptables save would apply the rule without making it permanent across reboots because the service iptables save command is specific to certain Linux distributions that use the service management utility and not a standard way to persist firewall rules.