Issue Server goes down everyday around the same time

[theprinze]

I can't figure this out. Everyday between 5am and 7am the server completely goes down. I have to reboot from host. I can't figure this out. I thought it was ddos attack because I did see some 403 errors in log trying to post to wp-login.php and xmlrpc.php. So I configured fail2ban and ddos protection extension to no avail. I'm not sure what other logs to check to find a clue as to why this is happening.

 

[pleskpanel]

This behavior may be attributed to a daily operated system union-mandated break

The 403 errors are likely false positives. Do you have any backup processes scheduled for that time?

Another other possibility here might be with log rotation - have you checked the server-level error logs to see if there are any entries around that time?

 

[pleskpanel]

If I recall correctly there was a thread similar to this a few years back as well but it's somewhat old so it may not be relevant to your setup.

 

[Bitpalast]

You could look into /var/log/messages what is happening at the given time.

When you say "between" do you mean that if you do nothing, after that time period the server comes back up? In that case maybe you have configured your backup that websites shall be shut down during the backup process?

 

[cientiros]

I'm getting a hard "connection has timed out". This is super annoying. Looking for any solutions. Thanks!

 

[Bitpalast]

Have you checked in your Fail2Ban IP block list if your IP is being blocked?

 

[cientiros]

Have you checked in your Fail2Ban IP block list if your IP is being blocked?

No.

 

[cientiros]

Have you checked in your Fail2Ban IP block list if your IP is being blocked?

I can't even log on to Plesk!

 

[IgorG]

I can't even log on to Plesk!

Are you sure that this server is up and running at least?

$ nmap 55.33.213.19

Starting Nmap 6.40 ( http://nmap.org ) at 2021-03-18 10:02 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

$ ping 55.33.213.19 is also not responding.

Also, you've created a lot of forum posts about your Plesk not working. I ask you to stop this spam and deal with the problem in one thread.

 

[pleskpanel]

The first order of business is to regain access to your server. Start with SSH if you can't get into your panel and if you're not able to SSH the ask your provider for assistance to regain access (assuming that it's a virtualized server, VPS, or that they can get in).

 

[cientiros]

The first order of business is to regain access to your server. Start with SSH if you can't get into your panel and if you're not able to SSH the ask your provider for assistance to regain access (assuming that it's a virtualized server, VPS, or that they can get in).

I'm using Amazon Lightsail. I reboot it last night and I was able to logon to Plesk, but it was still super slow and stalling. I did the same this morning and logging into Plesk keeps timing out. I thought it was an issue with Plesk. I'm reaching out to Amazon tech support now.

I still don't understand how this even happened.

For days now I've been getting spammed with this notification from Plesk. Every time I'd try to find out the issue in Plesk, I could not find anything that pointed to the cause other than the notification pointing to pretty server graphs but no solution or specific issue identified.

Yes, I'm new to Plesk.

"The threshold of Apache & PHP-FPM memory usage has been exceeded"​

 

[cientiros]

I hate to post this stuff, but I really want to become one with Plesk... If you have any advice, I'm willing to learn.

Here are a few other issues.
I Reboot the server and was able to get on.
I took this screenshot and updated Plesk Obsidian.

I also got this email 30 minutes ago which I've seen before.

​

Could not secure domains of admin (login admin) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually. Securing of the following domains has failed: <none> The following domains have been secured without some of their Subject Alternative Names: <none> Could not renew Let's Encrypt certificates for admin (login admin). Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Let's Encrypt certificates has failed: * 'Lets Encrypt certificate' [days to expire: 1] [-] vigilant-lovelace.34-220-114-167.plesk.page Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/11659590303. Details: Type: urn:ietfarams:acme:error:connection Status: 400 Detail: Fetching http://vigilant-lovelace.34-220-114...e/W8tV28nb7KRPb4r3FthcvMb77LizTsIkBmbEB_9g2ik: Timeout during connect (likely firewall problem) The following Let's Encrypt certificates have been renewed without some of their Subject Alternative Names: <none> Legend: [+] This domain is secure. The domain's SSL/TLS certificate from Let's Encrypt has been issued/renewed. [-] This domain is not secure. Either the domain's SSL/TLS certificate from Let's Encrypt could not be issued/renewed or the domain name was excluded from the certificate. Renew the certificate manually or request a new one to secure this domain.​

 

[Bitpalast]

@cientiros I would like to ask you whether you could please consider to open a separate thread for each issue that you have with your Plesk. It's counter-productive to add new topics to existing threads and it steals a lot of people their time as we go through all the "new" posts only to find that topics that are not related to the topic of a thread have been added.

 

[pleskpanel]

I'm using Amazon Lightsail. I reboot it last night and I was able to logon to Plesk, but it was still super slow and stalling. I did the same this morning and logging into Plesk keeps timing out. I thought it was an issue with Plesk. I'm reaching out to Amazon tech support now.

I still don't understand how this even happened.

For days now I've been getting spammed with this notification from Plesk. Every time I'd try to find out the issue in Plesk, I could not find anything that pointed to the cause other than the notification pointing to pretty server graphs but no solution or specific issue identified.

Yes, I'm new to Plesk.

"The threshold of Apache & PHP-FPM memory usage has been exceeded"​

Plesk generates the notification but the underlying issue isn't Plesk itself. You have a PHP process that is spawning children or exceed the limits of the Amazon instance that you're running so it might be a good idea to check into why that's occurring.

 

[pleskpanel]

I hate to post this stuff, but I really want to become one with Plesk... If you have any advice, I'm willing to learn.

Here are a few other issues.
I Reboot the server and was able to get on.
I took this screenshot and updated Plesk Obsidian.

I also got this email 30 minutes ago which I've seen before.

​ ​

​ Could not secure domains of admin (login admin) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually. Securing of the following domains has failed: <none> The following domains have been secured without some of their Subject Alternative Names: <none> Could not renew Let's Encrypt certificates for admin (login admin). Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Let's Encrypt certificates has failed: * 'Lets Encrypt certificate' [days to expire: 1] [-] vigilant-lovelace.34-220-114-167.plesk.page Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/11659590303. Details: Type: urn:ietfarams:acme:error:connection Status: 400 Detail: Fetching http://vigilant-lovelace.34-220-114...e/W8tV28nb7KRPb4r3FthcvMb77LizTsIkBmbEB_9g2ik: Timeout during connect (likely firewall problem) The following Let's Encrypt certificates have been renewed without some of their Subject Alternative Names: <none> Legend: [+] This domain is secure. The domain's SSL/TLS certificate from Let's Encrypt has been issued/renewed. [-] This domain is not secure. Either the domain's SSL/TLS certificate from Let's Encrypt could not be issued/renewed or the domain name was excluded from the certificate. Renew the certificate manually or request a new one to secure this domain.​

The error is accurate; the URL above can't be reached so the certificate can be re-issued.

Serving pages again should be the first priority then the renewal process can run.

 

[weltonw]

I can't figure this out. Everyday between 5am and 7am the server completely goes down. I have to reboot from host. I can't figure this out. I thought it was ddos attack because I did see some 403 errors in log trying to post to wp-login.php and xmlrpc.php. So I configured fail2ban and ddos protection extension to no avail. I'm not sure what other logs to check to find a clue as to why this is happening.

Check /var/log/httpd/error_log & /var/log/plesk-php{yourphpversion}-fpm/error.log post-humously and see what's up.

Do you have other resource utilization specs? Ie, RAM/disk IO? Very helpful in pinpointing the cause.

If you can't SSH - try IPMI/KVM Console (for dedicated/bare metal) & VNC Console (for VPSes) which let you login via bypassing the sshd daemon & firewall(s)