Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Could not connect to OCSP responder

Discussion in 'Security' started by tank, Jan 21, 2018.

  1. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    253
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    Hey guys getting these errors in apache

    Code:
    [Sun Jan 21 22:20:46.174120 2018] [ssl:error] [pid 28733:tid 140453395552000] AH01941: stapling_renew_response: responder error
    
    [Sun Jan 21 22:21:41.632483 2018] [ssl:error] [pid 28735:tid 140453206734592] (70007)The timeout specified has expired: [client 73.110.42.136:22287] AH01974: could not connect to OCSP responder 'ocsp.example.com'
    
    I found this thread and learned that i don't OCSP enable.

    Code:
    The certificate has been revoked. You should replace it with a new certificate as soon as possible.
    
    OCSP Staple:    Not Enabled
    OCSP Origin:    Revoked
    CRL Status:    Revoked
    
    I found the above at SSL Certificate Checker - Diagnostic Tool | DigiCert.com

    Any ideas?
     
    #1 tank, Jan 21, 2018
    Last edited by a moderator: Jan 22, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,509
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Is this a Comodo SSL certificate installed via the AutoSSL feature? If so, check to verify the DNS resolvers in your /etc/resolv.conf file are able to resolve the OCSP domain name. EX:

    Code:
    dig ocsp.comodoca.com @IP +short
    Replace "IP" with the resolver IP addresses found in your /etc/resolv.conf file.

    Thank you.
     
  3. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    253
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    All IPs correctly resolve via the command you gave to

    Code:
    178.255.83.1
    Yes is the auto SSL that comes with cpanel.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,509
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Can you verify if this was a temporary issue, or if you continue to see this error logged to the Apache error log?

    Thank you.
     
  5. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    253
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    Whenever I go here and enter in my host name.
    I get the same error i gave you earlier and i get the attached screenshot from the website.
     

    Attached Files:

  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,509
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you using the free cPanel-signed SSL certificate for the server's hostname? If so, did you manually install that certificate to Apache in the past using "WHM >> Install a SSL Certificate on a Domain"? Doing so would require you to install the newly generated certificate each time the certificate changes (every 90 days).

    Thank you.
     
  7. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    605
    Likes Received:
    93
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Same problem here, just spent like 3 hours trying to fix this for a customer, I've even issued a stand alone LE SSL and tried to install it on cPanel services but it always comes up with the cPanel issued SSL and that its revoked. Just submitted a ticket because my eyes are bleeding from this issue: ticket 9237463
     
Loading...

Share This Page