[Please help] OCSP Stapling question

Hi All,

Just wanted to find out if anyone has got ocsp stapling working? needing to get this working for PCI Compliance

I have setup before using Apache and Nginx but not with OLS
The panel has been enabled at 7080 and followed the litespeed steps however I am getting

HttpFetch[0]::failed to create file /usr/local/lsws//tmp/ocspcache//R86fc2931712676a7a95307547dc6d06d.tmp: Permission denied.

Values I have in the SSL setting on the list

OCSP Stapling
Enable OCSP Stapling Yes
OCSP Response Max Age (secs) 128000
OCSP Responder http://ocsp.int-x3.letsencrypt.org/
OCSP CA Certificates

I think the bottom path may be incorrect? it noted it will search the server for the cert if not entered if I understand correctly

Thanks in advance

Comments

  • I just tested.

    I enabled in SSL listener , since I only added one site in there , max-age to 43200 seconds (12 hours) and URL same as you , tested out.

    Did you change anything in /usr/local/lsws/ folder ? the error says permission issue
  • Thanks for the reply,

    I only have one site and did not change anything in usr/local/lsws/ folder, it is a standard centos 7 install..

    The only thing I can think of now that may be the issue is I deleted the 1st site added and replaced with another however all the ssl certificates have been recreated.

    I will spin up a test vps and try on a fresh install
  • The problem was a permission issue on /usr/local/lsws//tmp/ocspcache// , /usr/local/lsws//tmp/ and also had the /usr/local/lsws//autoupdate folders permission error

    Just set to permissions to 1777 and no errors must be the Centos version Vultr use as never had the issue before when testing ubuntu.

    Tested the PCI Compliance ssl test here and get A+ https://www.htbridge.com/ssl/
    Only error is in Industry Best-Practices Analysis which notes http does not redirect to https but it does, have added .htaccess codes and still the same
Sign In or Register to comment.
Support CyberPanel CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion