Background:
* I have a school email (google account) domain hosted at Google (it's an account domain), i.e. all users are xxxx@cpem17.com.ar.
* I'm setting up moodle to work with students from this school (cpem17) and I would like for students to be able to login to my moodle using their current google (cpem17) account and password (and therefore avoid multiple users/passwords, etc which tend to confuse unnecessarily).
* I have moodle (3.3.4) set up in my domain: roberts.com.ar/moodle (installed in subfolder moodle, NOT the site root)
* I have an SSL certificate installed on: roberts.com.ar and www.roberts.com.ar
What I've done
* I set up the api on console.developers.google.com (I am also an admin for the cpem17 domain at google) and have my Client ID and Client Secret. Set up the credentials and added the API's for Mail, Drive and Calendar (I only actually care about login as a minimum).
* I use the Moodle console (Site administration, Server, Oauth2 Services) and set up the Google service (Create Google Service). I've accepted all defaults (but put in the Client ID and Client Secret sans extra spaces at beggining or end). Haven't checked use HTTP. Ensured "Show Login on page" is checked. When saving I get: "error/Could not discover service endpoints: Failed to connect to accounts.google.com port 443: Connection refused". The first two ticks ("Configured" and "Allow Login" in green - the remaining two in red).
* I tried changing the "Service Base URL" to "https" as per other posts.
* I tried setting Moodle to HTTPS.
I CAN access the .well-known/openid-configuration at accounts.google.com from my computer (haven't tried from the server since I haven't set up SSL on it.
Can anyone enlighten me as to what I've done wrong or missed?
The objective is to have students signin/signup to the courses via their existing google(cpem17.com.ar) accounts and passwords. I don't really care if data is stored in Drive or not (though I'd like to have student being able to submit files from Drive).
EDIT:
**ADITIONAL INFORMATION**
I've got google to verify the site (via TXT record AND the http file).