Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
NickTheGreek

AH01941: stapling_renew_response: responder error

Recommended Posts

31232238_1647673425318982_35193517104997

noticed this today

[Mon Apr 23 14:43:17.269029 2018] [ssl:error] [pid 26654:tid 140572910118656] AH01941: stapling_renew_response: responder error
[Mon Apr 23 14:43:32.308002 2018] [ssl:error] [pid 26035:tid 140572815709952] (70007)The timeout specified has expired: [client 94.66.43.86:39010] AH01974: could not connect to OCSP responder 'ocsp.comodoca.com'
[Mon Apr 23 14:43:32.308091 2018] [ssl:error] [pid 26035:tid 140572815709952] AH01941: stapling_renew_response: responder error
[Mon Apr 23 14:43:35.311210 2018] [ssl:error] [pid 27055:tid 140572773750528] (70007)The timeout specified has expired: [client 85.76.98.195:27343] AH01974: could not connect to OCSP responder 'ocsp.comodoca.com'

and decided to look around

https://forums.cpanel.net/threads/any-problem-with-ocsp-comodoca-com-ssl.625667/

We are aware of the issue with Comodo as well and we're currently tracking it as part of an internal case CPANEL-19612. We'll update this thread with more information as soon as it becomes available



You can work around this issue by temporarily disabling SSL Stapling in Apache. This will cause client browsers to perform the OCSP check instead of waiting on your server to perform the check. The quickest way to do this is to:

1) Navigate to WHM -> Service Configuration -> Apache Configuration -> Include Editor.
2) Under "Pre Virtualhost Includes" set the drop-down to "All Versions"
3) In the text box, enter the following:

SSLUseStapling off

4) Click "Update" to save the changes, and then restart Apache.

=====

Alternatively, if you wish to do this via the command line, the following can be run:

For EA4:
== == == == == == == ==
echo "SSLUseStapling off" >> /etc/apache2/conf.d/includes/pre_virtualhost_global.conf; /scripts/restartsrv_httpd
== == == == == == == ==

For EA3:
== == == == == == == ==
echo "SSLUseStapling off" >> /usr/local/apache/conf/includes/pre_virtualhost_global.conf; /scripts/restartsrv_httpd
== == == == == == == ==

Once this issue has been resolved, we recommend removing this workaround.

Thank you,

 

still looking for more resources

 

https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/1016/0/enable-ocsp-stapling-on-apache

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×