Issue OCSP for Plesk-Panel does not work

[fabulousone]

Server operating system version

Ubuntu 22.04. LTS

Plesk version and microupdate number

18.0.57 #4

Hello, I tried to activate OCSP for the Plesk Panel itself.

I followed this guide How to enable OCSP Stapling and HSTS for Plesk interface? - Support Cases from Plesk Knowledge Base and HSTS and a few other HTTP headers I added work fine. Only OCSP stapling doesn't work. I've already tested it with various tools (e.g.) SSLLabs

I added this to my /etc/sw-cp-server/conf.d/ssl.conf:

add_header Strict-Transport-Security "max-age=31536000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;

May someone help me?

 

[Peter Debik]

The relevant line in SSLLabs output is:



Is this the line where you see a "No" instead? There are other OSCP lines where a "no" is irrelevant.

Did you restart sw-cp-server and sw-engine after the changes?

 

[fabulousone]

Hello Peter, yes it says “no” right there. I restarted both services. no change. Even after restarting the entire server nothing happened.

 

[Peter Debik]

The "ssl_stapling" directive could occur in other configuration files, too. Have you checked that the ssl.conf file is the only occurence of all the fles in /etc/sw-cp-server/conf.d?

 

[fabulousone]

The two lines were in the plesk.conf file: ssl_stapling on; ssl_stapling_verify on; Below that are the paths to the SSL certificate and the key. I removed the lines and restarted both services but it doesn't work.

 

[Peter Debik]

The "on" should be o.k. I thought that maybe an "off" line could be found.

In this case I think it'll be best to submit a support ticket so that staff can check it directly on your server.