400 Timeout Error in Plesk

richpeck · April 27, 2022, 10:20am

One of my clients is running the latest version of Plesk and is experiencing intermittent issues with LetsEncrypt being unable to validate different domains, citing 400 "Timeout" errors.

Due to the haphazard nature of the problem, I wanted to come here to see if anyone could potentially find something I may have missed. I have combed the server and have been unable to identify the underlying cause of the problem, although we have found a workaround which works sporadically.

I will explain everything below: -

My IP is:
82.223.49.25

My domain is:

autobloccantiedil73.it
esteticadeatorino.it
lurgolog.it

I ran this command:

Plesk's "LetsEncrypt" mechanism via SSLIt! (not sure how it does it)
PunchSalad SSL generator (SSL Certificate Generator: Free letsencrypt SSL in minutes - PunchSalad)

It produced this output:

On some occasions, a 400 error will be cited: -

{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "82.223.49.25: Fetching http://www.lurgolog.it/.well-known/acme-challenge/maxXmLFtYHZx8T1Xfkedqzb25X5CLa2sw6vxjfR0YNk: Timeout during connect (likely firewall problem)",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/102417245607/9iUWXA",
  "token": "maxXmLFtYHZx8T1Xfkedqzb25X5CLa2sw6vxjfR0YNk",
  "validationRecord": [
    {
      "url": "http://www.lurgolog.it/.well-known/acme-challenge/maxXmLFtYHZx8T1Xfkedqzb25X5CLa2sw6vxjfR0YNk",
      "hostname": "www.lurgolog.it",
      "port": "80",
      "addressesResolved": [
        "82.223.49.25"
      ],
      "addressUsed": "82.223.49.25"
    }
  ],
  "validated": "2022-04-26T21:23:06Z"
}

On others, it will all work as expected.

The thing that's stumped me is the intermittent nature of it. Sometimes it will work without a hitch, other times it will not work at all.

My web server is (include version):
Plesk with NGinx/Apache.

The operating system my web server runs on is (include version):
CentOS Linux 7.9.2009 (Core)

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk Obsidian 18.0.43 Aggiorna #1

--

Any insights would be greatly received.

We managed to get around the issue by disabling the HTTP->HTTPS redirect inside Plesk as well as removing the "preferred domain" too. But this still only works around 80% of the time -- I really want to find out what is causing the issue.

mserra · April 27, 2022, 10:31am

Take a look: Suddenly Timeout during connect (likely firewall problem) for www subdomain

9peppe · April 27, 2022, 11:02am

I just sent nearly 200 requests to that address and I did not see a single failure. Geoblocking, maybe?

❯ for _ in {1..100}; do curl -sfL http://www.lurgolog.it/.well-known/acme-challenge/maxXmLFtYHZx8T1Xfkedqzb25X5CLa2sw6vxjfR0YNk; echo; done

richpeck · April 27, 2022, 11:15am

Thank you for the replies guys!

This is also showing 400 error... which, again, suggests a geoblock. I'm going to see if I can talk to the host about it - to see if anything is happening there.

9peppe · April 27, 2022, 11:26am

FYI, my requests came from Italy. But my servers in Germany and Iceland have no issue either, with that address.

richpeck · April 27, 2022, 11:26am

btw seems the client is using Arsys hosting, which seems to be the culprit in the @mserra post above (thank you for that by the way). Currently reading through that thread.

system · May 27, 2022, 11:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.