
Issue OCSP Stapling seems only working with www version of a domain

Khorne

New Pleskian
Hi,

I'm currently running Plesk Obsidian 18.0.41 with Apache and Nginx reverse proxy. I'm trying to use OCSP Stapling for a domain using the following directives:

Code:
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;

Then going on https://www.ssllabs.com/ssltest/ to check if OCSP Stapling is correctly on.

SSLlabs keeps telling me that OCSP Stapling is not on if I check my domain without www. But if I make the check with www, OCSP Stapling is on.

Any idea how to enable OCSP Stapling also for the non-www version of my domain?

Regards
 
I am not sure about the ssl_stapling on; and ssl_stapling_verify on; directives. But have you tried the native OCSP Stapling option in Plesk? When I test the results on SSLlabs for a domain with the native OCSP Stapling enabled it seems to work for the domain both with and without the www prefix.
 
@Khorne Assuming that you've added those directives in "Additional nginx directives" and not in "Additional Apache directives", with your chosen setup, it should work, exactly as intended. It does for us, on both TLD and WWW for all hosted domains. Using the alternative method that @Rasp has provided will also work perfectly, but it's one OR the other. Not both methods. If your setup is as you have indicated, then you'll get the following (correct) message with the SSL It area on each domain, together with the green tick / icon confirming that the OCSP Stapling function is enabled:
Enhances the privacy of website's visitors and improves the website performance. The web server will request the status of the website's certificate (can be good, revoked, or unknown) from the CA instead of the visitor's browser doing so. You can't manage this setting because appropriate params are specified in an Apache & Nginx Settings.
Depending on who / what / where / which server / OS you're hosting on etc, you might want to look again at those directives. People often use more than one provider for the resolver, and the resolver_timeout value in seconds does vary and/or is just intentionally omitted by some.
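
To compare the two names from the command line rather than through SSL Labs, the script below (an added example, not part of the thread) handshakes with each hostname as SNI and reports whether a stapled OCSP response came back. It probes each name twice because nginx fetches the OCSP response lazily, so the first handshake after a reload can arrive without a staple. `example.com`, the script name and the function names are placeholders, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: per-hostname OCSP stapling check (not from the thread).

# Classify `openssl s_client -status` output read on stdin.
# Prints stapled:<cert status>, not-stapled, or unknown (no handshake output).
stapling_status() {
    awk '
        /OCSP response: no response sent/  { state = "not-stapled" }
        /OCSP Response Status: successful/ { state = "stapled" }
        /Cert Status:/                     { cert = $3 }
        END {
            if (state == "")             print "unknown"
            else if (state == "stapled") print state ":" (cert == "" ? "?" : cert)
            else                         print state
        }'
}

# Handshake with SNI set to the exact name under test.
probe() {
    openssl s_client -connect "$1:443" -servername "$1" -status \
        </dev/null 2>/dev/null | stapling_status
}

# Probe each name twice: the first handshake may only trigger the OCSP fetch.
check_names() {
    for name in "$@"; do
        first=$(probe "$name")
        second=$(probe "$name")
        printf '%s\tfirst=%s\tsecond=%s\n' "$name" "$first" "$second"
    done
}

# Constructed samples of s_client output, for trying the parser offline.
sample_stapled() {
    cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
EOF
}
sample_not_stapled() {
    printf 'CONNECTED(00000003)\nOCSP response: no response sent\n'
}

# Live use: sh check_stapling.sh example.com www.example.com
if [ "$#" -gt 0 ]; then check_names "$@"; fi
```

A name that reports `not-stapled` on both probes while its sibling reports `stapled:good` points at the server block or certificate serving that name rather than at the resolver.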
 