The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cpanel / firefox /apache sec_error_ocsp_try_server_later

Discussion in 'Security' started by vicos, Sep 20, 2015.

  1. vicos

    vicos Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Just today starting receiving this error in Firefox when trying to connect to a site with SSL on one particular server:

    Found one recent post on the net which attributes this to an Apache 2.4 issue. I do not have this issue on another CPANEL server with LITESPEED or a third one with Apache 2.2.

    https://loopbyte.com/blog/post/how-to-resolve-apache-ssl-website-error-secerrorocsptryserverlater

    However, this following page says that the directive would usually go in some other location depending upon your OS:

    https://wiki.apache.org/httpd/OCSPStapling

    Can someone from CPANEL confirm this? I don't want to start mucking around w/o a definitive answer. My server has been running Apache 2.4 for some time and is not a recent upgrade from 2.2. I have WHM 11.50.0 (Build 30) on CentOS 6.7. I did do a reboot of the affected server on Saturday. So, I assume this either started with that or a recent cpupdate.
     
    #1 vicos, Sep 20, 2015
    Last edited: Sep 20, 2015
  2. vicos

    vicos Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    I saw that before I posted here. Unfortunately, it does not explain why it all of a sudden started happening on my CPANEL server or how to fix it. The Firefox work-around the guy suggest does not work for me and like the guy said in the link I posted, you can't exactly tell everyone who wants to use your site to change their browser settings.

    Things don't just break unless something changed. So, what changed with the CPANEL build and Apache 2.4 all of a sudden and is the loopbyte.com solution the right one?

    Can you refer this to your Apache people to look at? You know that at least 2 customers have this problem in the same time frame and that is no coincidence.
     
    #3 vicos, Sep 21, 2015
    Last edited: Sep 21, 2015
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Please open a support ticket so we can examine your server. That will help us pinpoint the error and resolve it.

    Thank you!
     
  4. PhoenixUK

    PhoenixUK Member

    Joined:
    Sep 15, 2013
    Messages:
    21
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    May i ask if this was resolved and if so, how?

    I'm experiencing exactly the same issue and its driving me stark raving mad.

    Thanks in advance.
     
  5. weetabix

    weetabix Well-Known Member

    Joined:
    Oct 26, 2006
    Messages:
    56
    Likes Received:
    1
    Trophy Points:
    8
    I also have the same issue. Goes away after restarting apache and comes back after a while. Cpanel ticket didn't really help a lot, about same info as I see in this thread.

    The analyst said "This is an issue with the SSL and the CA who issued the SSL. This is not related to cPanel or the services running on your server".

    I wish that I could shake the feeling that it's not with the CA.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's possible the CA being served by the server is not matching during the OCSP step with the browser. You may want to check with the issuing authority of the certificate, to determine if updated CA Bundles are available. If they are, then re-installing the certificate on the domain may help alleviate this without having to resort to disabling the SSL Use Stapling function. You may also want to temporarily disable your server's firewall as one of the IP addresses for the CA might be getting blocked by the firewall.

    Thank you.
     
  7. weetabix

    weetabix Well-Known Member

    Joined:
    Oct 26, 2006
    Messages:
    56
    Likes Received:
    1
    Trophy Points:
    8
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Internal case CPANEL-1851 is open to determine how to best handle this issue. There's currently no time frame on a decision, but I will update this thread with more information as it becomes available. Per the internal case:

    Thank you.
     
Loading...

Share This Page