cPanel ssl - connection limits?

marklcfc

Registered
Feb 20, 2017
1
0
1
Leicester
cPanel Access Level
Website Owner
I am experiencing issues since moving to a https / secure connection. Once it gets to the point I have 900-1000 on my site (going by real time stats on analytics) my site stops loading properly up despite server load and memory usage being low. It says 'establishing secure connection' for around 20-30 seconds and then times out.

I don't believe this happened before I switched to https. It only starts to load properly again once the number is reduced to aroud 800.

Does the free cPanel certificate that my hosts use have any limits that could cause this? Any ideas why this happens?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello,

The certificates offered through cPanel do not limit the amount of visitors to your website. Do you notice any output to /usr/local/apache/logs/error_log when this happens?

Thank you.
 

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
I'm having this same issue. I checked the apache error_log and see
Code:
[Wed May 03 14:40:54.041639 2017] [ssl:error] [pid 16360] (101)Network is unreachable: [client 50.246.8.121:24575] AH01974: could not connect to OCSP responder 'ocsp.comodoca.com'
[Wed May 03 14:40:54.041732 2017] [ssl:error] [pid 16360] AH01941: stapling_renew_response: responder error
 

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
I just noticed also that I could not ping ocsp.comodoca.com.
 

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
My issue is resolved. I have CSF running. When I disabled it everything works properly so I flushed everything and restarted.
I seem to remember reading somewhere that something needed to be added for CSF but I've not found it.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
My issue is resolved. I have CSF running. When I disabled it everything works properly so I flushed everything and restarted.
I seem to remember reading somewhere that something needed to be added for CSF but I've not found it.
I'm happy to see the issue is now solved. WHM's Manage AutoSSL feature requires outbound access to the store.cpanel.net server over port 443. Additionally, Comodo’s IP addresses should be able to reach your server. You may need to whitelist them in your firewall:

178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132

Thank you.