Firefox OCSP Error

Discussion in 'General Discussion' started by Dan Garrow, Jan 24, 2017.

  1. Dan Garrow

    Hello,

    We have been receiving intermittent SEC_ERROR_OCSP_TRY_SERVER_LATER errors in Firefox since the update to WHM 60.0.34 with Comodo certificates installed via AutoSSL.

    Code:
    [Tue Jan 24 15:45:19.929425 2017] [ssl:error] [pid 1576:tid 139648267380480] [client XXX.XXX.XXX.XXX:51539] AH01980: bad response from OCSP server: 307 Temporary Redirect
    [Tue Jan 24 15:45:19.929512 2017] [ssl:error] [pid 1576:tid 139648267380480] AH01941: stapling_renew_response: responder error
    We have tried SSLStaplingFakeTryLater off in the "Pre VirtualHost Include" section in "WHM Home » Service Configuration » Apache Configuration » Include Editor" and the intermittent issue persists.

    httpd.conf
    Code:
        <IfModule socache_shmcb_module>
            SSLUseStapling on
            SSLStaplingCache shmcb:/var/run/apache2/stapling_cache_shmcb(256000)
    
            # Prevent browsers from failing if an OCSP server is temporarily broken.
            SSLStaplingReturnResponderErrors off
            SSLStaplingErrorCacheTimeout 60
            SSLSessionCache shmcb:/var/run/apache2/ssl_gcache_data_shmcb(1024000)
        </IfModule>
        <IfModule !socache_shmcb_module>
            SSLSessionCache dbm:/var/run/apache2/ssl_gcache_data_dbm
        </IfModule>
    
        SSLSessionCacheTimeout  300
        Mutex                   file:/var/run/apache2 ssl-cache
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
    
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl .crl
    </IfModule>

    CENTOS 6.8 x86-64
    WHM 60.0 (build 35)
    Server Version: Apache/2.4.25 (cPanel) OpenSSL/1.0.1e-fips mod_bwlimited/1.4

    Thank you
     
  2. cPanelMichael

    Hello,

    Do you have any firewall rules enabled on this system? If so, could you review your firewall logs for the time referenced in the log output above to see if you notice any activity related to this connection request to the OCSP server?

    Thank you.
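
An added example, not part of the original thread or of cPanel's tooling: a small parser for the Apache error-log format shown in the first post. It pairs each AH01941 stapling-renewal failure with the OCSP responder's HTTP status from the preceding AH01980 line of the same pid/tid, which gives exact timestamps to line up against firewall logs. The function names are hypothetical, and every sample line after the first two is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Apache 2.4 error-log line: [time] [ssl:error] [pid N:tid N] optional [client ...] AHnnnnn: msg
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[ssl:error\] \[pid (?P<pid>\d+):tid (?P<tid>\d+)\] "
    r"(?:\[client [^\]]+\] )?(?P<code>AH\d{5}): (?P<msg>.*)$"
)
STATUS_RE = re.compile(r"bad response from OCSP server: (\d{3})\b")

def stapling_failures(lines):
    """Pair each AH01941 renewal failure with the AH01980 responder status
    logged just before it by the same pid/tid."""
    pending = {}   # (pid, tid) -> HTTP status from the last AH01980
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # not an ssl:error line
        key = (m["pid"], m["tid"])
        if m["code"] == "AH01980":
            s = STATUS_RE.search(m["msg"])
            pending[key] = int(s.group(1)) if s else None
        elif m["code"] == "AH01941":
            when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
            events.append({"time": when, "pid": int(m["pid"]),
                           "http_status": pending.pop(key, None)})
    return events

def summarize(events):
    """Count failures per responder HTTP status (None = no HTTP status logged)."""
    return Counter(e["http_status"] for e in events)

# Sample input: the first two lines are the ones posted above; the last two are constructed.
SAMPLE = """\
[Tue Jan 24 15:45:19.929425 2017] [ssl:error] [pid 1576:tid 139648267380480] [client XXX.XXX.XXX.XXX:51539] AH01980: bad response from OCSP server: 307 Temporary Redirect
[Tue Jan 24 15:45:19.929512 2017] [ssl:error] [pid 1576:tid 139648267380480] AH01941: stapling_renew_response: responder error
[Tue Jan 24 15:46:02.000100 2017] [core:notice] [pid 1500:tid 139648267380000] AH00094: Command line: '/usr/sbin/httpd'
[Tue Jan 24 15:52:41.120000 2017] [ssl:error] [pid 1580:tid 139648267380999] AH01941: stapling_renew_response: responder error
""".splitlines()

if __name__ == "__main__":
    for e in stapling_failures(SAMPLE):
        print(e["time"].isoformat(), "pid", e["pid"], "responder HTTP status:", e["http_status"])
    print(dict(summarize(stapling_failures(SAMPLE))))
```

A failure that carries an HTTP status means an HTTP reply did come back for the OCSP request; a failure with no status has no AH01980 line to pair with, so the error log alone does not say what the responder returned.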
     