CloudLinux and SSL issue
I was having trouble with SSL on my site after installing CloudLinux. cPanel version is WHM 60 build 25, and CloudLinux CLOUDLINUX 7.3 x86_64 standard. The specific error message I received at the browser was:
An error occurred during a connection to example.com. The OCSP server suggests trying again later. Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER
After talking to CloudLinux, they said,
"Here is error message from /etc/apache2/logs/error_log in moment when I was unable to open example.com
[Sat Nov 26 06:16:01.542015 2016] [ssl:error] [pid 443869] (EAI 2)Name or service not known: [client 69.175.106.198:40667] AH01972: could not resolve address of OCSP responder ocsp.domain.com
I've found the article that this was known cPanel bug but it was fixed -- [Case 80597] Apache OCSP stapling not working
So please contact cPanel support, maybe the but it reappeared. To fix this issue now, I've added to your /etc/hosts:
72.167.18.239 ocsp.domain.com
And restarted apache service. Now site example.com works, please check."
The site is now working, but is there a fix related to this? If I add other sites which use SSL, will I continue to have this issue?
The site is now working, but is there a fix related to this? If I add other sites which use SSL, will I continue to have this issue?
-
Hello, It's possible this relates to the following Apache bug if it happened when DNS had yet to propagate for the new domain name: 60182 " SSLStaplingFakeTryLater Deviates From Documented Behavior of Only Being Effective When SSLStaplingReturnResponderErrors is On If that's the case, you can add the following entry to the "Pre VirtualHost Include" section in "WHM Home " Service Configuration " Apache Configuration " Include Editor" to prevent this from happening in the future: SSLStaplingFakeTryLater off
Thank you.0
Please sign in to leave a comment.
Comments
1 comment