Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Could not connect to OCSP responder

Discussion in 'Security' started by tank, Jan 21, 2018.

  1. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    254
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    Hey guys getting these errors in apache

    Code:
    [Sun Jan 21 22:20:46.174120 2018] [ssl:error] [pid 28733:tid 140453395552000] AH01941: stapling_renew_response: responder error
    
    [Sun Jan 21 22:21:41.632483 2018] [ssl:error] [pid 28735:tid 140453206734592] (70007)The timeout specified has expired: [client 73.110.42.136:22287] AH01974: could not connect to OCSP responder 'ocsp.example.com'
    
    I found this thread and learned that i don't OCSP enable.

    Code:
    The certificate has been revoked. You should replace it with a new certificate as soon as possible.
    
    OCSP Staple:    Not Enabled
    OCSP Origin:    Revoked
    CRL Status:    Revoked
    
    I found the above at SSL Certificate Checker - Diagnostic Tool | DigiCert.com

    Any ideas?
     
    #1 tank, Jan 21, 2018
    Last edited by a moderator: Jan 22, 2018
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Is this a Comodo SSL certificate installed via the AutoSSL feature? If so, check to verify the DNS resolvers in your /etc/resolv.conf file are able to resolve the OCSP domain name. EX:

    Code:
    dig ocsp.comodoca.com @IP +short
    Replace "IP" with the resolver IP addresses found in your /etc/resolv.conf file.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    254
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    All IPs correctly resolve via the command you gave to

    Code:
    178.255.83.1
    Yes is the auto SSL that comes with cpanel.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Can you verify if this was a temporary issue, or if you continue to see this error logged to the Apache error log?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    254
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    Whenever I go here and enter in my host name.
    I get the same error i gave you earlier and i get the attached screenshot from the website.
     

    Attached Files:

  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Are you using the free cPanel-signed SSL certificate for the server's hostname? If so, did you manually install that certificate to Apache in the past using "WHM >> Install a SSL Certificate on a Domain"? Doing so would require you to install the newly generated certificate each time the certificate changes (every 90 days).

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    720
    Likes Received:
    123
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Same problem here, just spent like 3 hours trying to fix this for a customer, I've even issued a stand alone LE SSL and tried to install it on cPanel services but it always comes up with the cPanel issued SSL and that its revoked. Just submitted a ticket because my eyes are bleeding from this issue: ticket 9237463
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice