Hello List,

Apache is 2.4.39, System is Ubuntu 18.04 and 16.04

Since yesterday evening we have had massive mod_ssl problems with SSL stapling:

Apr 24 11:20:59 myhostname apache2[16094]: [ssl:error] [pid 16094]
AH01941: stapling_renew_response: responder error

We had complaints about slow webpages, which forced us to deactivate
stapling on all our servers.
Affected are certificates from Sectigo (previously Comodo) with the OCSP URL
http://ocsp.sectigo.com
I can't confirm this for other providers; we use Comodo/Sectigo the most.

But it seems there is no basic problem on our system/network, because I
can manually confirm the OCSP status with openssl on affected machines:

# openssl ocsp -issuer bundle -cert crt -url http://ocsp.sectigo.com
WARNING: no nonce in response
Response verify OK
crt: good
        This Update: Apr 22 12:46:48 2019 GMT
        Next Update: Apr 26 12:46:48 2019 GMT

I am trying to figure out on which side the problem is. We use basic SSL stapling
directives in /etc/apache2/mods-enabled/ssl.conf
This has been unchanged for months.

SSLUseStapling On
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(2560000)
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off

Is there somebody who can confirm this behaviour and explain what happens?

Thanks,
Hajo
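
The manual openssl check in the message above can be turned into a repeatable monitor. The following is an added example, not part of the original post: it parses `openssl ocsp` text output and reports whether the response is usable for stapling at a given time. The function names and the 12-hour threshold are assumptions, and the `ERROR` sample is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Output quoted in the message above.
GOOD = """WARNING: no nonce in response
Response verify OK
crt: good
        This Update: Apr 22 12:46:48 2019 GMT
        Next Update: Apr 26 12:46:48 2019 GMT
"""
# Constructed sample: what openssl prints when the responder returns an error status.
ERROR = "Responder Error: trylater (3)\n"

def _utc(text):
    # openssl pads single-digit days with two spaces; collapse before parsing.
    stamp = datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S %Y GMT")
    return stamp.replace(tzinfo=timezone.utc)

def parse_ocsp(output):
    """Extract verification result, certificate status and validity window."""
    r = {"verified": False, "status": None, "error": None, "this": None, "next": None}
    for line in (l.strip() for l in output.splitlines()):
        if line == "Response verify OK":
            r["verified"] = True
        elif m := re.match(r"Responder Error:\s*(.+)$", line):
            r["error"] = m.group(1)
        elif m := re.match(r"(This|Next) Update:\s*(.+)$", line):
            r[m.group(1).lower()] = _utc(m.group(2))
        elif m := re.match(r".+:\s*(good|revoked|unknown)$", line):
            r["status"] = m.group(1)
    return r

def assess(output, now, min_remaining=timedelta(hours=12)):
    """Return a list of problems; an empty list means the response is usable."""
    r = parse_ocsp(output)
    if r["error"]:
        return [f"responder error: {r['error']}"]
    problems = []
    if not r["verified"]:
        problems.append("response signature not verified")
    if r["status"] != "good":
        problems.append(f"certificate status is {r['status']}")
    if r["this"] is None or r["next"] is None:
        problems.append("validity window missing")
    elif not r["this"] <= now < r["next"]:
        problems.append("response outside its validity window")
    elif r["next"] - now < min_remaining:
        problems.append("response expires soon")
    return problems
```

Feeding it the captured output of the openssl command at regular intervals shows whether the responder is failing intermittently or only when Apache queries it.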
