Let's Encrypt Firefox OCSP problem: Secure Connection Failed : SOLVED

PROBLEM:

Hi team

I am having trouble with one specific server that seems to be failing HTTPS websites only in Firefox (version 50.1.0).

When browsing a website, for example https: // myexampledomain .com (without spaces), on Firefox, I get the following error:


I have the same issue with ALL https domains on that server in Firefox - however all of the same https domains work fine in all other browsers (Chrome / IE10 / Opera).

My other servers seem to be fine and all sites on them are connecting to https in Firefox without an issue - so there is something going on with this particular server.

Server info:


  • CENTOS 7.3 x86_64
  • WHM 60.0 (build 28)
  • Server Version: Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips
  • Let's Encrypt

There are no problems noted in the Manage Auto SSL logs.

In httpd.conf:


Code:
SSLUseStapling on
SSLStaplingCache shmcb:/usr/local/apache/logs/stapling_cache_shmcb(256000)
SSLStaplingReturnResponderErrors off
SSLStaplingErrorCacheTimeout 60
SSLSessionCache shmcb:/usr/local/apache/logs/ssl_gcache_data_shmcb(1024000)

I notice the above httpd.conf entry is slightly different on my other server (which is running CentOS 6.8).

Please advise, thanks.
 
SOLUTION:

Hello,

It's possible this relates to the following Apache bug:

60182 – SSLStaplingFakeTryLater Deviates From Documented Behavior of Only Being Effective When SSLStaplingReturnResponderErrors is On

If that's the case, you can add the following entry to the "Pre VirtualHost Include" section in "WHM Home » Service Configuration » Apache Configuration » Include Editor" to prevent this from happening in the future:

SSLStaplingFakeTryLater off

Thank you.       
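
Added example (not part of the original thread and not cPanel or Apache code): a small Python check that flags the directive combination the cited bug report concerns, namely stapling enabled, SSLStaplingReturnResponderErrors off, and SSLStaplingFakeTryLater still on explicitly or by default. Assumptions: the function names are hypothetical, the defaults are those documented for mod_ssl, and the config is read as flat text where the last occurrence wins, without following Include files or VirtualHost scope.

```python
# Tracked mod_ssl directives with their documented defaults (assumption:
# defaults taken from the Apache mod_ssl documentation, not from this page).
DEFAULTS = {
    "sslusestapling": "off",
    "sslstaplingreturnrespondererrors": "on",
    "sslstaplingfaketrylater": "on",
}

# Constructed sample: the stapling lines quoted in the question above.
SAMPLE_CONF = """\
SSLUseStapling on
SSLStaplingCache shmcb:/usr/local/apache/logs/stapling_cache_shmcb(256000)
SSLStaplingReturnResponderErrors off
SSLStaplingErrorCacheTimeout 60
"""


def effective_stapling(conf_text):
    """Return the effective value of each tracked directive (last one wins)."""
    values = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        name = parts[0].lower()  # Apache directive names are case-insensitive
        if name in values and len(parts) == 2:
            values[name] = parts[1].strip().lower()
    return values


def exposed_to_bug_60182(conf_text):
    """True when stapling is on, responder errors are meant to be suppressed,
    but SSLStaplingFakeTryLater is still on (explicitly or by default)."""
    v = effective_stapling(conf_text)
    return (
        v["sslusestapling"] == "on"
        and v["sslstaplingreturnrespondererrors"] == "off"
        and v["sslstaplingfaketrylater"] == "on"
    )


if __name__ == "__main__":
    fixed = SAMPLE_CONF + "SSLStaplingFakeTryLater off\n"
    print("before fix:", exposed_to_bug_60182(SAMPLE_CONF))
    print("after fix: ", exposed_to_bug_60182(fixed))
```
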
