Articles in this section

See more

Websites/webmail hosted in Plesk are not accessible: Unable to connect, connection timed out or This site can’t be reached

Avatar
Plesk Agent shadow
Updated
Follow
Plesk for Windows Plesk for Linux kb: technical ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Plesk control panel, a website or webmail cannot be reached with one of the following error messages in a browser:

    PLESK_INFO: Unable to connect

    PLESK_INFO: Your Internet access is blocked ERR_NETWORK_ACCESS_DENIED

    PLESK_INFO: This site can’t be reached
    example.com took too long to respond
    ERR_CONNECTION_TIMED_OUT

    PLESK_INFO: The connection has timed out

    PLESK_INFO: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

  • MXToolBox TCP Port Status tool reports that ports 80/443 are filtered as well as the nmap utility:

    # nmap 203.0.113.2 -p 80,443
    PORT STATE SERVICE
    80/tcp filtered http
    443/tcp filtered https

  • A domain resolves to a proper IP address that belongs to a Plesk server:

    # dig +short example.com
    203.0.113.2

  • A "curl" request from inside a Plesk server works successfully for http/https:

    # curl -I http://example.com/
    HTTP/1.1 200 OK

    # curl -I http://example.com/
    HTTP/1.1 301 Moved Permanently

  • A "curl" request from an external network fails for http/https with timeout:

    # curl -I http://example.com
    curl: (7) Failed connect to example.com:80; Connection timed out

Cause

Ports 80 or/and 443 are blocked by a firewall.

Resolution

If the ports are blocked on a server level, in order to manage the firewall, the following can be performed:

Click on a section to expand

Managing firewall ports via Plesk

  1. Install Plesk firewall.

  2. In Plesk, go to Tools & Settings > Firewall and click Enable Firewall Rules Management.

    Click Install

  3. Once Plesk Firewall is enabled, make sure that the WWW server rule is enabled. This rule allows connections via ports 80 and 443.

    Click Install

Managing firewall rules via a command-line interface

  1. Connect to the server via SSH.

  2. Allow inbound connections via ports 80, 443 in a firewall:

    For SystemD based OSes:

    # firewall-cmd --zone=public --permanent --add-port=80/tcp
    # firewall-cmd --zone=public --permanent --add-port=443/tcp
    # firewall-cmd --reload

    For SystemV bases OSes:

    # iptables -I INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # iptables -I INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
    # iptables-save

    Depending on a server infrastructure, way to open 80/443 port may vary. For example, using the "firewall-cmd" utility, or, if it is an Amazon or Alibaba Cloud server, firewall settings may be managed from account directly without accessing the server.

    Note: If 80/443 is still shown as "filtered", it means that it is blocked somewhere outside of the server: on a network level, or on an Internet Service Provider side. In this case, contact your network administrator or ISP.

Solution for Amazon (AWS) instances

  1. Log in to your EC2 Management console.

  2. Navigate to Instances > select a required instance > click on a security group name.

    Click Install

  3. On the Security Groups page, switch to the Inbound tab > click Edit > and add two new rules: HTTP for port 80 and HTTPS for port 443:

    Click Install

Note: for Amazon Lightsail, visit the following link: Open Access to Plesk Services on an Amazon Lightsail Instance

Additional information

Note: If there are additional software that extends standard firewall (e.g. APF, Bitninja, Imunify360), it should be configured as well in accordance to its documentation.

Note: If the the issue persists after enabling the ports from the server firewall and any other additional software from within the server, contact your Service Provider.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles