Enabling OCSP stapling

#1
Hi,

I'm trying to enable OCSP stapling for a website. We have a cPanel server. I'm following this guide:
https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:ocsp-stapling

The website is already loaded with a Virtual Host Mapping from the Apache configuration on the server with this mapping name APVH_x.x.x.x:443_mywebsite.no on the IP we have tried enabling the OCSP stapling.

We have followed the guide and did everything there. Afterwards it shows as RED in the Home screen and there is no virtual host mapped to it. I assume that might be the issue. The problem is that I can't choose APVH_x.x.x.x:443_mywebsite.no if I try to add a virtual host to the OCSP listener. The virtual host drop down contains nothing and when I just put * in the Domains field I just get error about the empty Virtual host field.

Am I thinking wrong here? Do I need to add a new virtual host for a host already added through Apache loaded configuration?
 

mistwang

LiteSpeed Staff
#2
OCSP stapling is not supported for vhost configured through Apache httpd.conf .
It have to be configured through native configuration.
 
#3
So I can make a native vhost which will override the vhost from the Apache configuration and then I will be able to do enable OCSP stapling as intended?

Or do I have to skip the Apache configuration altogether and just use native for everything?
 

mistwang

LiteSpeed Staff
#4
You should skip Apache configuration for that vhost. the native vhost cannot override the vhost from Apache, as Apache vhosts are configured after the native vhosts, may override the the native vhost.
 
#5
So I just have to remove the vhost for that domain at port 443 (which basically means removing the SSL certificate from cpanel for that host so that cpanel won't automatically re-add it while rebuilding the Apache configuration) and add it in LiteSpeed as a native vhost? Or do I have to remove that vhost altogether from Apache configuration?
 

mistwang

LiteSpeed Staff
#6
only need to remove the https vhost from Apache configuration.
You need to add the 443 listener in native configuration,
add the 443 vhost.
add listener to vhost mapping with the domain.
 
#7
Is there a way I can get the current configuration for vhost APVH_x.x.x.x:443_mywebsite.no (vhost loaded from Apache configuration)? A temporary xml file, CLI or other?
 

tina

Well-Known Member
#9
Will OCSP be supported in the future for cPanel servers with Apache httpd.conf vhosts?

Or is this a 100% impossibility for technical reasons?
 
Top