Any problem with ocsp.comodoca.com ssl?

Hello,


We are aware of the issue with Comodo as well and we're currently tracking it as part of an internal case CPANEL-19612. We'll update this thread with more information as soon as it becomes available

You can work around this issue by temporarily disabling SSL Stapling in Apache. This will cause client browsers to perform the OCSP check instead of waiting on your server to perform the check. The quickest way to do this is to:

1) Navigate to WHM -> Service Configuration -> Apache Configuration -> Include Editor.
2) Under "Pre Virtualhost Includes" set the drop-down to "All Versions"
3) In the text box, enter the following:

SSLUseStapling off

4) Click "Update" to save the changes, and then restart Apache.

=====

Alternatively, if you wish to do this via the command line, the following can be run:

For EA4:
== == == == == == == ==
echo "SSLUseStapling off" >> /etc/apache2/conf.d/includes/pre_virtualhost_global.conf; /scripts/restartsrv_httpd
== == == == == == == ==

For EA3:
== == == == == == == ==
echo "SSLUseStapling off" >> /usr/local/apache/conf/includes/pre_virtualhost_global.conf; /scripts/restartsrv_httpd
== == == == == == == ==

Once this issue has been resolved, we recommend removing this workaround.

Thank you,

 

Hello @benwbandm

I'm sorry that it didn't work for you, looking at the internal case it appears that it was closed earlier due to the issues with Comodo having been resolved. If you're still experiencing issues with this and the workaround isn't working for you I would suggest opening a ticket using the link in my signature so we can look further into the issue for you.

 

Hi @benwbandm

Thank you for updating with the ticket number! I've noted this forum post on the ticket as well. I also noticed that you mentioned you're using Let's Encrypt for your certificate so I don't believe this will be related to OCSP issues Comodo was experiencing.

I'll check continue to check in on the ticket as well.

Thank you,

 

Hi @benwbandm

I see I'll keep watching it as well. I can see what I can do but our techs are busier than normal today, I am sorry for the delay.

 

Hi @chufrog

I just checked in on the issue that @benwbandm was having. The issue actually spawned an internal case EA-7379 the resolution of which was pushed yesterday and has solved the issue for @benwbandm servers. This issue is related to a problem with mysql-1.so within the apr-util causing segfaults when loading pages over https.

This issue did turn out to be different than the Comodo OCSP issues that were first presented in this thread but if you are experiencing this issue and the update which was pushed overnight did not resolve It I would strongly urge you to open a ticket with us using the link in my signature.


Thank you,

 

Hi @chufrog

If this is still occurring and the workaround did not work for you could you please open a ticket using the link in my signature?

From what we're seeing the comodo issue appears to be resolved at this time and the internal case has been marked as complete.


Thank you,

 

Hi @chufrog

That should work! Please let us know if you have any further issues with this.


Thank you,

 

Hello,


It does appear that Comodo is again experiencing issues with this. @chufrog can you please open a ticket so that we can take a closer look? SSLUseStapling off should resolve the issue and I'm concerned that yours may be different.

Thank you,