Running an Apache web server out of an IBM Softlayer server farm in Dallas. Evey so often, the Apache hpptd child process restarts then stops responding to page requests when it cannot access OSCP stapling. Seeing the problem now every few days.
The latest was this morning (all times MST) between 2:31 am and 3:01 am. Here’s a sample from the log file…
[Mon Mar 04 02:31:15.367980 2019] [mpm_winnt:notice] [pid 18232:tid 532] AH00418: Parent: Created child process 18324
[Mon Mar 04 02:31:32.649236 2019] [mpm_winnt:notice] [pid 18324:tid 3236] AH00354: Child: Starting 1024 worker threads.
[Mon Mar 04 02:31:35.385082 2019] [ssl:error] [pid 18324:tid 24368] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client 207.46.13.24:5884] AH01977: failed reading line from OCSP server
[Mon Mar 04 02:31:35.385082 2019] [ssl:error] [pid 18324:tid 24368] [client 207.46.13.24:5884] AH01980: bad response from OCSP server: (none)
[Mon Mar 04 02:31:35.385082 2019] [ssl:error] [pid 18324:tid 24368] AH01941: stapling_renew_response: responder error
The 3 [ssl:error] lines keep repeating over and over (I have over 40 sites hosted on my server including lodesys.com and k12irc.org).
Apache is restarted automatically every 5 minutes when not responding. The errors persisted until 3:01 am when the OSCP server appears to have started responding again and no more problems.
This issue has happened intermittently over the last week or two. I am looking at the option of just turning SSLUseStapling off as I need the sites up and running 24/7.
Not sure if this is an issue with Akami blocking the server farm’s IP range due to excessive hits or ???.
Here’s my Apache config lines…
SSLUseStapling on
SSLStaplingResponderTimeout 2
SSLStaplingReturnResponderErrors off
SSLStaplingFakeTryLater off
Any ideas or insights would be greatly appreciated.