https://bz.apache.org/bugzilla/show_bug.cgi?id=63231
Bug ID: 63231 Summary: Failing OSCP staple blocks httpd server Product: Apache httpd-2 Version: 2.4.38 Hardware: PC Status: NEW Severity: major Priority: P2 Component: mod_ssl Assignee: bugs@httpd.apache.org Reporter: ch...@lodesys.com Target Milestone: --- Running an Apache web server out of an IBM Softlayer server farm in Dallas. Evey so often, the Apache hpptd child process restarts (as it should) then stops responding to page requests when it cannot access OSCP stapling. The latest was this morning (all times MST) between 2:31 am and 3:01 am. Here's a sample from the log file... [Mon Mar 04 02:31:15.367980 2019] [mpm_winnt:notice] [pid 18232:tid 532] AH00418: Parent: Created child process 18324 [Mon Mar 04 02:31:32.649236 2019] [mpm_winnt:notice] [pid 18324:tid 3236] AH00354: Child: Starting 1024 worker threads. [Mon Mar 04 02:31:35.385082 2019] [ssl:error] [pid 18324:tid 24368] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client 207.46.13.24:5884] AH01977: failed reading line from OCSP server [Mon Mar 04 02:31:35.385082 2019] [ssl:error] [pid 18324:tid 24368] [client 207.46.13.24:5884] AH01980: bad response from OCSP server: (none) [Mon Mar 04 02:31:35.385082 2019] [ssl:error] [pid 18324:tid 24368] AH01941: stapling_renew_response: responder error The 3 [ssl:error] lines keep repeating over and over (I have over 40 sites hosted on my server including lodesys.com and k12irc.org). Apache is restarted automatically every 5 minutes when not responding. The errors persisted until 3:01 am when the OSCP server appears to have started responding again and no more problems. Have a ticket in with LetsEncrypt to see what's going on on their end, but would expect that Apache httpd would not lock up when the OCSP server stops responding. Here's my Apache config lines... SSLUseStapling on SSLStaplingResponderTimeout 2 SSLStaplingReturnResponderErrors off SSLStaplingFakeTryLater off SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(128000)" SSLStaplingStandardCacheTimeout 86400 SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 This issue has happened intermittently over the last week or two. I am looking at the option of just turning off SSLUseStapling as I need the sites up and running 24/7. Would be nice to get this fixed. Any ideas would be appreciated. This has been reported previously in Bug 61818. Using the current ApacheLounge build. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org