sec_error_ocsp_try_server_later in cPanel - Fix it Now ?

Basically, sec_error_ocsp_try_server_later error happens when we visit a secure website using the https:// protocol in Firefox or Internet Explorer.

It does not indicate a problem with the site. It occurs due to a change in the method they use to check for revoked SSL certificates.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related cPanel queries.

How to resolve sec_error_ocsp_try_server_later in cPanel ?

In order to resolve this error,

  • We will log in to the WebHost Manager as root.
  • Mostly, we use certificate revocation checks to prevent visiting a site that uses a compromised security certificate.
  • The web browser typically would check a Certificate Revocation List directly. But the newer process, OCSP stapling, relies on the webserver to make the check and pass along the Certificate Authority’s cached response to the browser.
  • Since this is a new process and not yet an Internet standard, some servers require a minor configuration change to comply with the browser’s request.
  • If we confront the error, we can easily enable OCSP stapling on the server directly from WHM.

1. Open the Apache Include Editor in WHM

i. In WHM, we select Apache Configuration in the left menu to open the Apache Configuration page.

ii. Then we scroll down to Include Editor and select it.

iii. On the Include Editor page, in the Pre-VirtualHost Include section, we select All Versions underneath "I wish to edit the Pre-VirtualHost configuration include file for":

We scroll past any directives that may be listed in the include file, and add the following at the very bottom:

SSLUseStapling on
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Then we click on the Update button at the bottom to save the include file.

2. Restart Apache to Apply the Settings

  • In order to apply the new setting, all we need to do is to restart Apache.
  • WHM makes that easier by presenting us a Restart Apache button once we save the changes in the previous step.

[Need help with cPanel errors resolution? We'd be happy to assist. ]


This article covers methods to resolve cPanel: Firefox users see "sec_error_ocsp_try_server_later". 

To fix this cPanel error:

  • Log in to your server's WHM interface as root or a priveledged user.
  • Go to Service Configuration, then Apache Configuration.
  • Choose Include Editor, then from the drop down for Pre Main Include select All Versions.

Once you see the text editor for the include file of All Versions, there may already be some configuration lines in there. If there are, simply scroll to the bottom of the window, then paste in the following:

SSLUseStapling on
SSLStaplingCache shmcb:/tmp/stapling_cache(32768)