• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue OCSP for Plesk-Panel does not work

F

fabulousone

New Pleskian
Server operating system version
Ubuntu 22.04. LTS
Plesk version and microupdate number
18.0.57 #4
Hello, I tried to activate OCSP for the Plesk Panel itself.

I followed this guide How to enable OCSP Stapling and HSTS for Plesk interface? - Support Cases from Plesk Knowledge Base and HSTS and a few other HTTP headers I added work fine. Only OCSP stapling doesn't work. I've already tested it with various tools (e.g.) SSLLabs :(

I added this to my /etc/sw-cp-server/conf.d/ssl.conf:

add_header Strict-Transport-Security "max-age=31536000" always;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;

May someone help me?
 
The relevant line in SSLLabs output is:

1702547324486.png

Is this the line where you see a "No" instead? There are other OSCP lines where a "no" is irrelevant.

Did you restart sw-cp-server and sw-engine after the changes?
 
Hello Peter, yes it says “no” right there. I restarted both services. no change. Even after restarting the entire server nothing happened.
 
The "ssl_stapling" directive could occur in other configuration files, too. Have you checked that the ssl.conf file is the only occurence of all the fles in /etc/sw-cp-server/conf.d?
 
The two lines were in the plesk.conf file: ssl_stapling on; ssl_stapling_verify on; Below that are the paths to the SSL certificate and the key. I removed the lines and restarted both services but it doesn't work.
 
The "on" should be o.k. I thought that maybe an "off" line could be found.

In this case I think it'll be best to submit a support ticket so that staff can check it directly on your server.
 
You must log in or register to reply here.

Similar threads

K
Issue OCSP Stapling seems only working with www version of a domain
Replies
3
Views
1K
learning_curve
learning_curve
TimReeves
Issue Debian 10 Nginx fails to start - missing ssl_stapling resolver
Replies
0
Views
2K
TimReeves
TimReeves
Dukemaster
Resolved OCSP Stapling with Letsencrypt per domain
Replies
9
Views
5K
Dukemaster
Dukemaster
W
Question What is the proper nginx additional directives with wordpress
Replies
0
Views
2K
Walter
W
J
Best Practice OCSP Stapling for Clients
Replies
1
Views
1K
Walter
W
Back
Top