Hello List,
Apache is 2.4.39, System is Ubuntu 18.04 and 16.04
since yesterday evening we have massive mod_ssl problems with ssl stapling:
Apr 24 11:20:59 myhostname apache2[16094]: [ssl:error] [pid 16094]
AH01941: stapling_renew_response: responder error
We had complaints about slow webpages, this forced us to deactivate
stapling on all our servers.
Affected are certificates of sectigo (previously comodo) with ocsp-url
http://ocsp.sectigo.com
I cant confirm for other providers, we use comodo/sectigo the most.
But it seems there is no basic problem on our system/network because i
can manually confirm ocsp status with openssl on affected machines:
# openssl ocsp -issuer bundle -cert crt -url http://ocsp.sectigo.com
WARNING: no nonce in response
Response verify OK
crt: good
This Update: Apr 22 12:46:48 2019 GMT
Next Update: Apr 26 12:46:48 2019 GMT
I try to figure out on which side problem is. We use basic sslstapling
directives in /etc/apache2/mods-enabled/ssl.conf
this is unchanged for months
SSLUseStapling On
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(2560000)
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
Is there somebody who can confirm this behaviour and explain what happens?
Thansk,
Hajo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|