OCSP SSL Certificate Error Solved

Posted on by dpepper
Reading Time: 2 minutes

Preflight Check

  • These instructions are intended specifically for solving the error: “sec_error_ocsp_try_server_later”.
  • This error can be displayed anytime a user visits a secure website using the https:// protocol in Firefox or Internet Explorer. It does not indicate a problem with the site itself, but occurs due to a change in the method these specific browsers used to check for revoked SSL certificates.
  • We’ll be logging into WebHost Manager as root to resolve the error.

Certificate revocation checks can help prevent you from accidentally visiting a site that’s using a compromised security certificate. Historically, the web browser typically would check a Certificate Revocation List directly. But the newer process, known as OCSP stapling, relies on the web server to make the check and pass along the Certificate Authority’s cached response to the browser. Because this is a newer process and not yet an Internet standard, some servers may require a minor configuration change to comply with the browser’s request. If you see this error when connecting to a site on your cPanel server, you can easily enable OCSP stapling on your server directly from WHM.

Step #1: Open the Apache Include Editor in WHM

  1. In WHM, locate and select Apache Configuration in the left menu (you can start typing “apache” to quickly narrow down the choices) to open the Apache Configuration page.WHMIncludeEditor
  2. Scroll down to Include Editor and click on it.
  3. On the Include Editor page, scroll down to the Pre-VirtualHost Include section and select All Versions underneath “I wish to edit the Pre-VirtualHost configuration include file for:”EditAllVersions
  4. Scroll past any directives that may be listed in the include file, and add the following two lines at the very bottom:SSLUseStapling on
    SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

    Note: Do not edit or alter any other directives that may be listed; make sure you’re simply adding the two lines above to the very bottom of the file.
  5. Click on the blue Update at the bottom to save the include file.

Step #2: Restart Apache to Apply the Settings

All you need to do to apply the new settings is to restart Apache. WHM makes that easier by presenting you with a Restart Apache button once you’ve saved your changes in the previous step.

RestartApache

Avatar for dpepper

About the Author: dpepper

Latest Articles

Blocking IP or whitelisting IP addresses with UFW

Read Article

CentOS Linux 7 end of life migrations

Read Article

Use ChatGPT to diagnose and resolve server issues

Read Article

What is SDDC VMware?

Read Article

Best authentication practices for email senders

Read Article