>Just to confirm, you’ve got a development site running on a bare IP address?
Actually, no. The development site is running on its own domain name, and I have Apache basic auth running on it so that the public — and search engines — can’t back their way into it.
Essentially, I think the SS plugin was making a connection to itself and basic auth was prompting it (invisibly) for a password.
Here’s more info about basic auth.
https://httpd.apache.org/docs/current/programs/htpasswd.html
I was able to resolve this myself. The loopback issue was compounded by my having basic auth enforced on this server. (It’s a development server.) When I disabled basic auth and restarted Apache, I then got a 200 on the loopback test, which then freed up the plugin.
