Let's Encrypt Firefox OCSP problem: Secure Connection Failed

WorkinOnIt

Well-Known Member
Aug 3, 2016
UK
cPanel Access Level
Root Administrator
Hi team

I am having trouble with one specific server that seems to be failing HTTPS websites only in Firefox (version 50.1.0)

When browsing a website for example, https: // myexampledomain .com (without spaces) on Firefox, I get the following error;

Secure Connection Failed

An error occurred during a connection to myexampledomain.com. The OCSP server suggests trying again later. Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
I have the same issue with ALL https domains on that server in Firefox - however all of the same https domains work fine in all other browsers (Chrome / IE10 / Opera).

My other servers seem to be fine and all sites on them are connecting to https in Firefox without an issue - so there is something going on with this particular server.

Server info:

  • CENTOS 7.3 x86_64
  • WHM 60.0 (build 28)
  • Server Version: Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips
  • Let's Encrypt
There are no problems noted in the Manage Auto SSL logs.

In httpd.conf :

Code:
SSLUseStapling on
SSLStaplingCache shmcb:/usr/local/apache/logs/stapling_cache_shmcb(256000)
SSLStaplingReturnResponderErrors off
SSLStaplingErrorCacheTimeout 60
SSLSessionCache shmcb:/usr/local/apache/logs/ssl_gcache_data_shmcb(1024000)

I notice the above httpd.conf entry is slightly different on my other server (which is running CentOS 6.8).

Please advise, thanks.

WorkinOnIt

After some Googling, I came across a solution which I have tried, and it works for me:

  • Login to your WHM with root access.
  • Go to ‘Service configuration’ > Apache Configuration > Include Editor
  • Go to Pre VirtualHost Include > select php version 2.4.xx > insert ‘SSLUseStapling off’ in the column > click Update
  • Click ‘Restart Apache’
Source: ipserverone.info/uncategorized/how-to-resolve-apache-ssl-website-error-sec_error_ocsp_try_server_later/
However, I am concerned that turning SSLUseStapling OFF will have negative connotations. Could someone from cPanel please comment?

Thanks
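One way to see what the server is actually stapling before deciding whether to leave SSLUseStapling off (an added example, not part of the original posts): the function below classifies the OCSP section of `openssl s_client -status` output. A stapled `trylater` responder status is the condition Firefox reports as SEC_ERROR_OCSP_TRY_SERVER_LATER. The sample outputs are constructed and abbreviated, and HOST is a placeholder.

```shell
#!/bin/sh
# Added example: classify the stapling section of `openssl s_client -status` output.
# Live use (HOST is a placeholder for the affected domain):
#   openssl s_client -connect HOST:443 -servername HOST -status </dev/null 2>/dev/null | classify_staple

classify_staple() {
    # Reads s_client output on stdin and prints one of:
    #   no-staple, unknown, responder-error:<status>, stapled:<cert status>
    awk '
        /OCSP response: no response sent/ { none = 1 }
        /OCSP Response Status:/           { rs = $4 }
        /Cert Status:/                    { cs = $3 }
        END {
            if (none)                    print "no-staple"
            else if (rs == "")           print "unknown"
            else if (rs != "successful") print "responder-error:" rs
            else                         print "stapled:" (cs == "" ? "unknown" : cs)
        }'
}

# Constructed sample: the server stapled a responder error instead of a signed status.
sample_trylater() {
cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: trylater (0x3)
======================================
EOF
}

# Constructed sample: a healthy staple (abbreviated).
sample_good() {
cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
======================================
EOF
}

# Constructed sample: stapling disabled, or nothing cached yet.
sample_none() { echo "OCSP response: no response sent"; }

for s in sample_trylater sample_good sample_none; do
    printf '%s -> %s\n' "$s" "$($s | classify_staple)"
done
```

With `SSLUseStapling off` the live check reports `no-staple`, so browsers fall back to their own revocation checking against the CA's responder.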

cPanelMichael

Administrator
Staff member
Apr 11, 2011