OCSP_basic_verify() failed: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not fo

[MH-Stefan]

Since a while, I've noticed the following error occurring hundreds of times in the error_log:

2016-06-13 09:49:52.618 [ERROR] /var/cpanel/ssl/installed/certs/***snipped***.crt: OCSP_basic_verify() failed: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found

About 95% of the SSL certificates installed are Comodo PositiveSSL. I've re-installed the SSL certificates of some domains with the latest Comodo CA Bundle, but the error still occurs.

Any idea what suddenly causes this issue? Could it be a bug or a misconfiguration in LSWS/cPanel?

Thank you in advance.

 

[mistwang]

Have you tried chained certificate file? concat the Comodo CA bundle to the end of site certificate file?
Have you update LSWS? from which version? Did it work with other version?

 

[MH-Stefan]

In WHM » SSL/TLS » Install an SSL Certificate on a Domain, I've pasted the SSL certificate, clicked on the "Autofill by Certificate" button and installed the SSL with the existing CA bundle.

I've also tried by pasting the content of the following files under the "Certificate Authority Bundle" field:
COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt, AddTrustExternalCARoot.crt

I don't remember seeing this error before. It seems to have appeared with LSWS 5.1.5 (or earlier) and persists with LSWS 5.1.6

 

[mistwang]

Please check the cert file, see if it have multiple certificates there (chained file).

 

[MH-Stefan]

It doesn't; it's just a single certificate (of the domain). WHM also doesn't allow to paste more than one certificate.

 

[mistwang]

For the purpose of diagnose, can you try manually append the CA certs to the site cert file, then restart server, see if the problem fixed or not.

How is the CA certs configured currently, through "SSLCACertificateFile"?