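My Apache error log shows a lot of "stapling_renew_response: responder error" messages. I would have liked to add a browser screenshot, but I am new here and so am not allowed to. This is what the browser shows:
"Secure Connection Failed An error occurred during a connection to www.mysite.co.uk. The OCSP server suggests trying again later. (Error code: sec_error_ocsp_try_server_later)"
It is an intermittent fault, but when I restart Apache the problem goes away for a while. It looks like the problem occurs when Apache tries to resolve the address of the OCSP responder.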
[Mon Jun 30 16:00:52.666880 2014] [ssl:error] [pid 20449] (EAI 3)Temporary failure in name resolution: [client 12.34.56.78.9:54254] AH01972: could not resolve address of OCSP responder EVSSL-ocsp.geotrust.com
[Mon Jun 30 16:00:52.666954 2014] [ssl:error] [pid 20449] AH01941: stapling_renew_response: responder error
[Wed Jul 02 21:16:00.660224 2014] [ssl:error] [pid 13700] (EAI 3)Temporary failure in name resolution: [client 12.34.56.78.9:7467] AH01972: could not resolve address of OCSP responder rapidssl-ocsp.geotrust.com
[Wed Jul 02 21:16:00.660284 2014] [ssl:error] [pid 13700] AH01941: stapling_renew_response: responder error
[Mon Jul 07 13:00:48.082422 2014] [ssl:error] [pid 23502] (EAI 3)Temporary failure in name resolution: [client 12.34.56.78.9:62983] AH01972: could not resolve address of OCSP responder rapidssl-ocsp.geotrust.com
[Mon Jul 07 13:00:48.082505 2014] [ssl:error] [pid 23502] AH01941: stapling_renew_response: responder error
From my httpd.conf file:
SSLUseStapling on
SSLStaplingCache shmcb:/usr/local/apache/logs/stapling_cache_shmcb(256000)
SSLSessionCache shmcb:/usr/local/apache/logs/ssl_gcache_data_shmcb(1024000)
SSLSessionCacheTimeout 300
Mutex file:/usr/local/apache/logs ssl-cache
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
I checked OCSP stapling with this command:
echo QUIT | openssl s_client -connect www.mysite.com:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
and received this response, which shows it working:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: CN = RapidSSL TGV OCSP Responder
    Produced At: Aug 8 22:59:14 2014 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 123456789XXXXXXXXXXXXXXXXXXXX
      Issuer Key Hash: 123456789XXXXXXXXXXXXXXXXXXXX
      Serial Number: ABCD123
    Cert Status: good
    This Update: Aug 8 22:59:14 2014 GMT
    Next Update: Aug 15 22:59:14 2014 GMT
I checked for the cache files mentioned in httpd.conf (stapling_cache_shmcb and ssl_gcache_data_shmcb), but neither exists. Are they supposed to exist?
Any help would be great.
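An added triage example, not part of the original post: it reads an Apache error log in the format quoted above and attributes each AH01941 stapling renewal failure to a preceding AH01972 name-resolution failure from the same pid, so DNS-caused failures can be separated from other responder errors. The sample lines, host names and the function name are constructed for illustration, and the pairing assumes both messages are logged by the same pid in sequence, as in the excerpt.

```python
import re
from collections import Counter

# Constructed sample lines in the format shown in the post (not real log data).
SAMPLE_LOG = """\
[Mon Jun 30 16:00:52.666880 2014] [ssl:error] [pid 20449] (EAI 3)Temporary failure in name resolution: [client 192.0.2.10:54254] AH01972: could not resolve address of OCSP responder ocsp-a.example.test
[Mon Jun 30 16:00:52.666954 2014] [ssl:error] [pid 20449] AH01941: stapling_renew_response: responder error
[Wed Jul 02 21:16:00.660224 2014] [ssl:error] [pid 13700] (EAI 3)Temporary failure in name resolution: [client 192.0.2.11:7467] AH01972: could not resolve address of OCSP responder ocsp-b.example.test
[Wed Jul 02 21:16:00.660284 2014] [ssl:error] [pid 13700] AH01941: stapling_renew_response: responder error
[Thu Jul 03 09:10:11.000001 2014] [ssl:error] [pid 14000] AH01941: stapling_renew_response: responder error
"""

# Timestamp, pid and the remainder of an [ssl:error] line.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[ssl:error\] \[pid (?P<pid>\d+)\] (?P<rest>.*)$")
# AH01972 names the responder host that could not be resolved.
DNS_FAIL = re.compile(r"AH01972: could not resolve address of OCSP responder (?P<host>\S+)")


def classify_stapling_errors(log_text):
    """Return (Counter of responder host -> DNS-caused renewal failures,
    list of timestamps of AH01941 lines with no DNS failure before them)."""
    pending = {}            # pid -> responder host from its latest AH01972
    dns_caused = Counter()
    unexplained = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue        # not an ssl:error line in the expected format
        pid, rest = m["pid"], m["rest"]
        dns = DNS_FAIL.search(rest)
        if dns:
            pending[pid] = dns["host"]
        elif "AH01941:" in rest:
            host = pending.pop(pid, None)
            if host:
                dns_caused[host] += 1
            else:
                unexplained.append(m["ts"])
    return dns_caused, unexplained


if __name__ == "__main__":
    by_host, other = classify_stapling_errors(SAMPLE_LOG)
    print("DNS-caused renewal failures per responder:", dict(by_host))
    print("Renewal failures without a DNS error:", other)
```
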