OCSP Staple disabled

  • Resolved ScytheZ

    (@scythez)


    2 years, 5 months ago

    Hello,

    in the past few weeks i’ve received a few issues regarding the OCSP staple on desktops with the antivirus ESET. They give an error where neither OCSP nr CRL are enabled. And altough during the SSL install wizard the OCSP remained disabled we get the same error because both OCSP and the CRL are disabled on the Let’s Encrypt certificate. Tested with digicert. The issue is gone if i revert to the cpanel certificate.

    OCSP Staple: Not Enabled
    OCSP Origin: Good
    CRL Status: Not Enabled

    Anything i can try rather to rever to cpanel generated ssl?

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Mark

    (@markwolters)

    Hi @scythez,

    OCSP Stapling is enabled by default. You could try to regenerate a certificate using Really Simple SSL by navigating to https://www.yourdomain.com/wp-admin/options-general.php?page=rlrsssl_really_simple_ssl&tab=letsencrypt and pressing the ‘Reset Let’s Encrypt’ link in the top right corner. Afterwards, you can re-run the wizard and make sure that ‘Disable OCSP Stapling’ is unchecked. That should provide you with a Let’s Encrypt certificate with OCSP Stapling enabled.

    Thread Starter ScytheZ

    (@scythez)

    I tried it a few hours ago with no success. Are you sure if i left it unchecked it does enable it? From what i’ve tested no matter what I select during the wizard … it’s disabled at the end / when i check it afterwards.

    • This reply was modified 2 years, 5 months ago by ScytheZ.
    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    You may need to do a full reset: if the plugin gets an invalid order response, it tries again with ocsp disabled, as some hosts do not support it.

    Resetting it will retry it with ocsp. If it generates without again, there is likely an issue with ocsp support for let’s encrypt.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘OCSP Staple disabled’ is closed to new replies.

Tags