Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Could not connect to OCSP responder

Discussion in 'Security' started by cadaverzian, Oct 10, 2017.

  1. cadaverzian

    cadaverzian Registered

    Joined:
    Oct 10, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    ukraine
    cPanel Access Level:
    Root Administrator
    We have a big trouble on all our cpanel servers :
    site's with https-connections fall down with next error:
    [Tue Oct 10 09:48:14.149790 2017] [ssl:error] [pid 1776] (101)Network is unreachable: [client 199.66.88.30:62799] AH01974: could not connect to OCSP responder 'ocsp.comodoca.com'
    [Tue Oct 10 09:48:14.150198 2017] [ssl:error] [pid 1776] AH01941: stapling_renew_response: responder error

    when we try to ping it:
    ping ocsp.comodoca.com
    PING ocsp.comodoca.com (178.255.83.1) 56(84) bytes of data.
    --- ocsp.comodoca.com ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 1651ms

    But ocsp.comodoca.com is accessible from other (non-cpanel servers):
    ping ocsp.comodoca.com
    PING ocsp.comodoca.com (178.255.83.1) 56(84) bytes of data.
    64 bytes from ocsp.comodoca.com (178.255.83.1): icmp_seq=1 ttl=52 time=117 ms
    64 bytes from ocsp.comodoca.com (178.255.83.1): icmp_seq=2 ttl=52 time=117 ms
    64 bytes from ocsp.comodoca.com (178.255.83.1): icmp_seq=3 ttl=52 time=117 ms

    There is no csf (or other) firewalls on server, iptables is flushed and stopped, but still:
    ping ocsp.comodoca.com
    PING ocsp.comodoca.com (178.255.83.1) 56(84) bytes of data.
    --- ocsp.comodoca.com ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2412ms

    trace:
    root@server68 [~]# mtr ocsp.comodoca.com --report
    HOST: **** Loss% Snt Last Avg Best Wrst StDev
    1. ******* 0.0% 10 0.8 1.1 0.8 2.4 0.5
    2. 46.164.132.169 0.0% 10 0.7 0.5 0.3 1.0 0.2
    3. tr1-v454.de-fra.datagroup.ua 0.0% 10 26.7 26.8 26.7 27.7 0.3
    4. ffm-b1-link.telia.net 0.0% 10 26.8 27.2 26.8 29.0 0.7
    5. ae6.cr1-fra6.ip4.gtt.net 0.0% 10 27.4 27.4 27.3 27.5 0.0
    6. et-5-3-0.cr9-nyc3.ip4.gtt.ne 0.0% 10 119.2 119.1 118.9 119.4 0.2
    7. ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you using the default cipher list for Apache in "WHM Home » Service Configuration » Apache Configuration » Global Configuration"? Does toggling the default option for the cipher list and saving the changes address the issue?

    Thank you.
     
Loading...

Share This Page