• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Website subscription cannot use cURL results in cURL error 28: Resolving timed out

T

TeunieP

Basic Pleskian
Server operating system version
Centos 7
Plesk version and microupdate number
18.0.44
Hi,

I am running Plesk 18.0.43 and since about a month I am getting complaints about;
- cURL errors
- slow page loading (some specific sites take half a minute to load)
- timeouts

Also Plesk panel is slow.
No changes were made in the last month besides automatic updates. The log shows these updates have been automatically installed around the time the issues began;
Code: 
'Plesk component name': 'rsyslog' => 'rsyslog')
 'Plesk component name': 'awstats' => 'awstats')
 'Plesk component name': 'courier-imap' => 'courier-imap')
 'Plesk component name': 'fail2ban' => 'fail2ban')
 'Plesk component name': 'nginx' => 'nginx')
 'Plesk component name': 'phpmyadmin' => 'phpmyadmin')
 'Plesk component name': 'postfix' => 'postfix')
 'Plesk component name': 'psa' => 'psa')
 'Plesk component name': 'psa-api-rpc' => 'psa-api-rpc')
 'Plesk component name': 'psa-autoinstaller' => 'psa-autoinstaller')
 'Plesk component name': 'psa-backup-manager' => 'psa-backup-manager')
 'Plesk component name': 'psa-horde' => 'psa-horde')
 'Plesk component name': 'psa-imp' => 'psa-imp')
 'Plesk component name': 'psa-logrotate' => 'psa-logrotate')
 'Plesk component name': 'psa-mod-fcgid-configurator' => 'psa-mod-fcgid-configurator')
 'Plesk component name': 'psa-proftpd' => 'psa-proftpd')
 'Plesk component name': 'psa-spamassassin' => 'psa-spamassassin')
 'Plesk component name': 'psa-turba' => 'psa-turba')
 'Plesk component name': 'resource-controller' => 'resource-controller')
 'Plesk component name': 'roundcube' => 'roundcube')
 'License': '' => 'PLSK.04009331.0064'
I upgraded to 18.0.44 which did resolve the speed of Plesk Panel but some sites are still slow. Server resource usage is normal.

I dived into this and discovered that for instance Wordpress is giving below errors on updates and plugin external communications;
cURL error 28: Resolving timed out after 5515 milliseconds

Apparently cURL cannot resolve;
monsterinsights.com
WordPress.org
smtp.office365.com
and basically all other urls.

When I turn the Plesk Firewall extension off the issue is resolved.
But of course I want to keep the firewall enabled.

1. What setting do I need to allow outgoing cURL requests or specify what domains are allowed? I can only whitelist ports and ip's.
2. Is there a log somewhere that shows all blocked requests to easily troubleshoot this issue?

Thanks in advance!
 
Hi,
My resolv.conf already points to Google DNS 8.8.8.8 and when I try

time wget WordPress.org

I get a quick response of;

real 0m0.836s
user 0m0.010s
sys 0m0.011s

Also disabling the firewall solves the issue so I don't think it is DNS related.
 
Also some sites are still painfully slow, firewall has nothing to do with this. Is since auto updates by Plesk. I can't seem to pinpoint the cause.
Already performed Plesk toolbox checks even database and file system no errors found.

When I try to update a wordpress site I get;

Update failed: 504 Gateway Time-out 504 Gateway Time-out nginx
 
P.s. this 504 error happens with both installations of new plugins and updates.
It looks like the error is caused by exceeding script run time instead of not being able to reach wordpress.org...because all tests I performed through SSH are OK but it still fails even after turning firewalls off...
 
Have you tried turning off the web application firewall in the subscription?

Have you checked if fail2ban is blocking the IP address of the server?

Are there any related errors in the error_log of the subscription?
 
maartenv said:
Have you tried turning off the web application firewall in the subscription?

Have you checked if fail2ban is blocking the IP address of the server?

Are there any related errors in the error_log of the subscription?
Click to expand...
We are not using application firewall / mod security
Yes, fail2ban is not blocking it. I checked.
Only errors that are in error_log are below but these do not seem to be related...

Code: 
[Thu Jun 02 00:36:25.289738 2022] [proxy_fcgi:error] [pid 16116:tid 140170593195776] [client 195.123.240.173:39380] AH01068: Got bogus version 45
[Thu Jun 02 00:36:25.290001 2022] [proxy_fcgi:error] [pid 16116:tid 140170593195776] (22)Invalid argument: [client 195.123.240.173:39380] AH01075: Error dispatching request to :
[Thu Jun 02 03:37:34.006019 2022] [proxy_fcgi:error] [pid 11498:tid 140170426812160] [client 52.11.132.187:38628] AH01068: Got bogus version 45
[Thu Jun 02 03:37:34.028443 2022] [proxy_fcgi:error] [pid 11498:tid 140170426812160] (22)Invalid argument: [client 52.11.132.187:38628] AH01075: Error dispatching request to :
[Thu Jun 02 05:52:21.103675 2022] [proxy_fcgi:error] [pid 25520:tid 140206469207808] [client 195.123.241.30:59852] AH01068: Got bogus version 45
[Thu Jun 02 05:52:21.103723 2022] [proxy_fcgi:error] [pid 25520:tid 140206469207808] (22)Invalid argument: [client 195.123.241.30:59852] AH01075: Error dispatching request to :
[Thu Jun 02 10:49:21.675322 2022] [proxy_fcgi:error] [pid 32469:tid 139661749982976] [client 194.110.30.27:55140] AH01068: Got bogus version 45
[Thu Jun 02 10:49:21.677362 2022] [proxy_fcgi:error] [pid 32469:tid 139661749982976] (22)Invalid argument: [client 194.110.30.27:55140] AH01075: Error dispatching request to :
[Thu Jun 02 10:49:58.606578 2022] [autoindex:error] [pid 32469:tid 139661741590272] [client 37.0.11.64:55522] AH01276: Cannot serve directory /var/www/vhosts/obfuscatedsitename.com/public_html/wp-admin/css/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive, referer: binance.com
 
I have the feeling there is something going on in the server since one of the Plesk updates a month ago that is slowing scripts so they hit the timeout and are cancelled.

When I try the WPMail plugin I frequently get this;

Send a Test Email​

The test email might have sent, but its deliverability should be improved.

Domain Check Results​

cURL error 28: Resolving timed out after 5514 milliseconds

And sometimes it will go through.
Also if i disable Word Fence plugin it might go through and after a few retries it will fail again. I think disabling Word Fence lowers the load for the subscription increasing the change the script will complete before the timeout. But that is not the main cause.
 
Other (Wordpress) subscriptions for this server have the same problem. They show messages they couldnt update since 19th of May and when you try to update a plugin it shows Update failed: 504 Gateway Time-out 504 Gateway Time-out nginx
 
Maarten thanks for your advice I have seen these links but this is not a solution.
These scripts shouldn't take so long to complete. So something has changed to the server since the last update causing these issues. Increasing the time limit just makes the user wait longer...or am I missing something?
 
This issue feels similar to what I recently experienced on a CentOS 7 server. I am curious about your Firewall setup. Can you check if firewalld is running on your server by running # systemctl status firewalld? Some providers have CentOS 7 server with Firewalld preinstalled, but it conflicts with the Firewall from Plesk. I am not sure if that's the cause of the issue tough, but it might causes problems down the road.

Secondly can you check and post output of the IP tables running # iptables -S? See if you server IP is listed.
 
Last edited:
Kaspar said:
This issue feels similar to what I recently experienced on a CentOS 7 server. I am curious about your Firewall setup. Can you check if firewalld is running on your server by running # systemctl status firewalld? Some providers have CentOS 7 server with Firewalld preinstalled, but it conflicts with Firewall from Plesk. I am not sure if that's the cause of the issue tough, but it might causes problems down the road.

Secondly can you check and post output of the IP tables running # iptables -S? See if you server IP is listed.
Click to expand...
Hi Kaspar,
Thanks for your reply.

firewalld is inactive (dead) I just checked.
iptables is running and the server ip is not listed.
 
maartenv said:
Please have a look at these support articles:


Click to expand...
After increasing the limits to 180 sec the issue with WP Mail timeout is solved but the issue when installing updates or plugins is not resolved.
They still show error';

An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)

However, the plugin IS installed anyways...at least is shown in the list.
 
Kaspar said:
Okay, that's good.

Try enabling the Plesk Firewall and adding a firewall rule that allows your server IP. Does that solve the issue?
Click to expand...
Well, adding the IP to both incoming and outgoing appears to have solved my issue. Very happy with that of course, but won't this impact the security of the firewall and server? Also I am still puzzled as to how this issue has occured out of nowhere...
 
TeunieP said:
Well, adding the IP to both incoming and outgoing appears to have solved my issue. Very happy with that of course, but won't this impact the security of the firewall and server? Also I am still puzzled as to how this issue has occured out of nowhere...
Click to expand...

Now I am positieve you're facing the same issue as I had. I never found the cause unfortunately. I eventually reinstalled the Plesk Firewall which solved the issue.
 
I do have some remaining issues for instance with WordFence plugin;
One Wordpress site (that didnt have the timeouts adjusted)
Rule Update Failed
No rules were updated. Please verify your site can connect to the Wordfence servers.

If I increase the nginx timeout to 180 seconds like mentioned above I get below error.
Rule Update Failed
No rules were updated. Please verify you have permissions to write to the /wp-content/wflogs directory.

The plugin can write to this dir just fine because if i rename rules.php it is re-created and the next manual sync there is no error anymore.

So I will see how this spins out.
I still think performance is not what it should be since 1 month ago...
 
Unfortunately I am still getting complaints that specific functions are not working (like communicating with external sites like booking.com plugin) and also very slow performance.

Does anyone know the answers to the following to questions I wrote earlier?
1. What setting do I need to allow outgoing cURL requests or specify what domains are allowed? I can only whitelist ports and ip's.
2. Is there a log somewhere that shows all blocked requests to easily troubleshoot this issue?
 
You must log in or register to reply here.

Similar threads

L
Issue I Can't Restore My Backups
Replies
2
Views
981
lazenes
L
Shiv
Resolved Some errors occured during update installation.
Replies
9
Views
2K
Shiv
Shiv
J
Resolved Failed update for Plesk extensions: Error in cURL request: Peer certificate cannot be authenticated
Replies
1
Views
2K
Jesse Fitzgerald
J
Servus
Resolved Error with Plesk & Aptitude
Replies
3
Views
2K
Servus
Servus
L
Issue Migrator ...
Replies
5
Views
2K
La Linea
L
Back
Top