After upgrade from EA3 to EA4 website with SSL is very slow

[bipsalam]

I upgraded from easyApache 3 to easyApache 4 and upgrading was smooth without any issues.
I have four website on my vps server out of them two is using ssl (https). The website with SSL become very very slow and sometime browser is unable to fetch the website. Websites without SSL (https) are loading fine.
Also I noticed if I access my website with https then it loads very slow and if I access the same website without https then it loads faster. This issues appears right after I upgrade to easyApache-4.
I have also uninstall "opcache" but still same issues. My https websites are not on WordPress (it is just php with database) so I can't blame any plugins.

Please suggest.

 

[kernow]

Check for errors in the address bar, is the padlock green or shows a warning? any certificate errors?
Check your log files

grep username /etc/apache2/logs/error_log

 

[bipsalam]

yes the padlock is green and no any warnings.
I checked the error_log and found this :
[Thu Oct 12 01:26:33.450697 2017] [:error] [pid 1417:tid 139710197249792] [client 89.144.12.15:50954] File does not exist: /home/*****/public_html/c99.php.suspected
[Thu Oct 12 01:26:30.076672 2017] [:error] [pid 1197:tid 139710239209216] [client 89.144.12.15:57395] File does not exist: /home/*****/public_html/wso2.php.suspected

I don't understand what this "c99.php.suspected" is and I do not see any such files in my file manager (cpanel)

 

[cPanelMichael]

Hello,

Check to see if the following threads help to address this issue:

SOLVED - SSL Slowness
SOLVED - SSL slow first time

Thank you.

 

[rpvw]

There are many references to php files being changed to .suspected and also to malicious web shells called c99.php (do a search using your favorite search engine for c99.php.suspected )

There is also a thread in this forum that alludes to your site (or the server that hosts it) possibly being compromised : .php.suspected

Remember, the log entries about the 'suspected' files do NOT signify that your server was, or is, compromised.

Additionally, the log entries probably had nothing to do with the EA3 to EA4 migration, and the log entries may be random calls to your site to see if someone had managed to infect it with a php shell, nor does it necessarily signify that some CMS like Joomla or Wordpress (or any add-ons) are responsible as the compromise vector - it doesn't even follow that your php site was responsible, but I would take every measure to scan, and audit your code base and files and database for any exploitable code and/or any files you are not expecting. Remember that root shells can be triggered from pretty much anywhere and it would be prudent to run a scan with rkhunter, or something similar, on the server.



If you are in any doubt at all that the server has been compromised, set up a new one and migrate the sites across to it ensuring that each one has been adequately sanitized before the transfer. There is an excellent article in the cPanel documentation that you may like to study : Why can't I clean a hacked machine - cPanel Knowledge Base - cPanel Documentation

 

[bipsalam]

@cPanelMichael - Thanks for pointing me to two links.

I added "SSLUseStapling off" in WHM --> Apache Config.. --> Include Editor. And now SSL's websites are loading fast.
Please tell me, is it ok to leave it turned "off" for forever. I mean... does it will create any issues with my cert or is it bad for my site visitors. Is there are disadvantage.... Do suggest please.

 

[bipsalam]

ooops! the issues came back. Now I noticed that website become slow randomly at any moment and then after an hour or so it start loading fast. This slow fast/ fast slow is harming my online business. Yesterday my adsense income was $50 where it used to be $100+. I am planning to revert back to easyApache-3

Also I have noticed that right the moment I restart apache, website loads fast and goes loading fast for two or three continuous hours and then again become slow. The slow loading last for two three hours and then again loads faster. This is weird... Please someone suggest :-( Earlier with easyApache-3 I have never faced such issues.

 

[cPanelMichael]

Hello,

Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

Thank you.

 

[bipsalam]

thanks. Ticket created - support request ID: 8946229

 

[Alrissa]

Just an aside I noticed this (ocassional, temporary delay) happens for me sometimes when a crawler (legitimate or not) is hammering a site which redirects to https from http which introduces a tiny bit of delay. Especially if it's a CMS like wordpress without caching.

It's an easy possibility to eliminate by just glancing at the access logs so I thought I might mention it an no one came in afterwards to say what the thing was.