Could not connect to OCSP responder error
I get a lot of the following. My "SSL Cipher Suite" setting in Home > Service Configuration > Apache Configuration > Global Configuration is set to default. Anyone know why?
[Tue Aug 21 23:41:38.025182 2018] [ssl:error] [pid 6198] AH01941: stapling_renew_response: responder error
[Tue Aug 21 23:41:40.663746 2018] [ssl:error] [pid 6291] (101)Network is unreachable: [client 40.77.167.83:1851] AH01974: could not connect to OCSP responder 'ocsp.comodoca.com'
[Tue Aug 21 23:41:40.663783 2018] [ssl:error] [pid 6291] AH01941: stapling_renew_response: responder error
[Tue Aug 21 23:41:41.168797 2018] [ssl:error] [pid 6288] (101)Network is unreachable: [client 71.241.248.162:46144] AH01974: could not connect to OCSP responder 'ocsp.comodoca.com'
[Tue Aug 21 23:41:41.168842 2018] [ssl:error] [pid 6288] AH01941: stapling_renew_response: responder errorr 'ocsp.comodoca.com'
It's constantly happening. Never stops. 3 times or so a minute.
This works fine and resolves fine for your info. I have a bunch of domains that are password protected by Apache. Not sure if that's it.
server: dig ocsp.comodoca.com @MYDNS_IP +short
ocsp.comodoca.com.edgesuite.net.
a652.dscb.akamai.net.
184.84.243.64
184.84.243.42
Hello Scott,
Do you have any firewall rules that could potentially block traffic to or from the Comodo OCSP IP addresses?
Thank you.
No, no rules. And no problem telnetting to 184.84.243.x either. I added 184.84.243.0/24 to csf.allow anyway to be safe.
I had the same repetitive error last year and opened a support ticket (8873739 - SSL stapling error) and had a very helpful tech who informed me it was because IPv6 was enabled on my network, but hadn't been configured in the server. Since I am not using IPv6, I disabled it. I don't know if this is the same issue you have, but I was able to solve it via the following steps (I am not suggesting you do this, unless it's the same issue you are facing):
1) add to /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
Then execute with
# sysctl -p
2) rebuild Apache
# netstat -tpln |grep http
3) reboot server
Problem was solved.
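A way to check whether the situation described in the comment above applies, as an added example that is not from the thread or from cPanel: resolve the responder separately for IPv4 and IPv6 and attempt one TCP connection per address, flagging ENETUNREACH, the errno behind "(101)Network is unreachable" in the log. Port 80 and the names `probe_responder`, `tcp_connect` and `diagnose` are assumptions made for this example.

```python
import errno
import socket

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def tcp_connect(family, sockaddr, timeout=5.0):
    """Open and close one TCP connection; raises OSError on failure."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sockaddr)

def probe_responder(host, port=80, resolve=socket.getaddrinfo, connect=tcp_connect):
    """Return (family, address, status) for every address the host resolves to."""
    results = []
    for family, name in FAMILIES.items():
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            results.append((name, None, "no address"))
            continue
        seen = set()
        for *_, sockaddr in infos:
            if sockaddr[0] in seen:
                continue
            seen.add(sockaddr[0])
            try:
                connect(family, sockaddr)
                status = "ok"
            except OSError as exc:
                if exc.errno == errno.ENETUNREACH:  # errno 101 on Linux
                    status = "unreachable"
                else:
                    status = f"failed: {exc.strerror or exc}"
            results.append((name, sockaddr[0], status))
    return results

def diagnose(results):
    """Summarise which address family, if any, has no route."""
    bad = {fam for fam, _, st in results if st == "unreachable"}
    ok = {fam for fam, _, st in results if st == "ok"}
    if "IPv6" in bad and "IPv4" in ok:
        return "IPv6 address resolves but there is no IPv6 route; IPv4 works"
    if bad:
        return "network unreachable for: " + ", ".join(sorted(bad))
    return "no ENETUNREACH seen"

if __name__ == "__main__":
    rows = probe_responder("ocsp.comodoca.com")
    print(*rows, diagnose(rows), sep="\n")
```

Run it on the web server itself, as the route that matters is the one Apache uses when it renews the stapled response.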
Your problem may be solved)) but I want to leave a note for someone who needs help. I did a ping and everything is OK; the ping was successful. I just ran:
systemctl stop csf
/scripts/updatesigningkey
/scripts/mainipcheck
That's all, problem solved. Maybe someone has a similar problem.