[Please help] OCSP Stapling question — CyberPanel - WebHosting Control Panel for OpenLiteSpeed

[Please help] OCSP Stapling question

Hi All,

Just wanted to find out if anyone has got ocsp stapling working? needing to get this working for PCI Compliance

I have setup before using Apache and Nginx but not with OLS
The panel has been enabled at 7080 and followed the litespeed steps however I am getting

HttpFetch[0]::failed to create file /usr/local/lsws//tmp/ocspcache//R86fc2931712676a7a95307547dc6d06d.tmp: Permission denied.

Values I have in the SSL setting on the list

OCSP Stapling
Enable OCSP Stapling Yes
OCSP Response Max Age (secs) 128000
OCSP Responder http://ocsp.int-x3.letsencrypt.org/
OCSP CA Certificates

I think the bottom path may be incorrect? it noted it will search the server for the cert if not entered if I understand correctly

Thanks in advance


  • I just tested.

    I enabled in SSL listener , since I only added one site in there , max-age to 43200 seconds (12 hours) and URL same as you , tested out.

    Did you change anything in /usr/local/lsws/ folder ? the error says permission issue
  • Thanks for the reply,

    I only have one site and did not change anything in usr/local/lsws/ folder, it is a standard centos 7 install..

    The only thing I can think of now that may be the issue is I deleted the 1st site added and replaced with another however all the ssl certificates have been recreated.

    I will spin up a test vps and try on a fresh install
  • The problem was a permission issue on /usr/local/lsws//tmp/ocspcache// , /usr/local/lsws//tmp/ and also had the /usr/local/lsws//autoupdate folders permission error

    Just set to permissions to 1777 and no errors must be the Centos version Vultr use as never had the issue before when testing ubuntu.

    Tested the PCI Compliance ssl test here and get A+ https://www.htbridge.com/ssl/
    Only error is in Industry Best-Practices Analysis which notes http does not redirect to https but it does, have added .htaccess codes and still the same
  • I think this issue happens when server running user/group is changed.
    How did you install it? And did you make any changes?
  • Yes. I saw this bug in my code, also for the RPM users, we will update the script to make sure the permission is correct.
    Right now, can you just run this command in the terminal to fix the issue.

    cd /usr/local/lsws
    chown -R nobody:nogroup autoupdate/ tmp/
    chmod -R 755 autoupdate/ tmp/

  • Hi, I got still the same errors running latest Cyberpanel>
    But when I do command you suggest I get:
    chown: invalid group: 'nobody:nogroup'
  • Hi, I got still the same errors running latest Cyberpanel>
    But when I do command you suggest I get:
    chown: invalid group: 'nobody:nogroup'
    Try this code, it should be fix this error:

    cd /usr/local/lsws//tmp/
    chown -R nobody:nobody ocspcache
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

This Site is currently in maintenance mode.
Please check back here later.

→ Site Settings