Applicable to:
- Plesk for Linux
Symptoms
- NGINX cannot start with the timeout error:
# service nginx status
● nginx.service - Startup script for nginx service
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/nginx.service.d
└─limit_nofile.conf
Active: failed (Result: timeout) since Wed 2020-05-06 08:53:06 EEST; 16min ago
May 06 08:53:06 wh01.n8solutions.host systemd[1]: Failed to start Startup script for nginx service. - NGINX syntax shows the following warning:
# nginx -t
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/usr/local/psa/var/certificates/scfU5oE9u"
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
- The certificate file from the warning is assigned to example.com domain
# grep -iR scfU5oE9u /var/www/vhosts/system/*/conf/*.conf
/var/www/vhosts/system/example.com/conf/httpd.conf: SSLCertificateFile /usr/local/psa/var/certificates/scfU5oE9u
- In Domains > example.com > SSL/TLS certificates support OCSP is enabled;
- Outbound collections cannot be established from the server:
# nmap google.com -p443
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-06 10:24 EEST
Failed to resolve "google.com".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 56.09 seconds
Cause
Outbound connection are not available due to this OCSP cannot connect to the external source to check certificate validity.
Resolution
- Log into Plesk;
- Go to Domains > example.com > SSL/TLS Certificates;
- Disable the OCSP Stapling option:
- Re-enable it back.
Comments
0 comments
Please sign in to leave a comment.