We have an update for Cpnginx with a new version 11.7 which have a fix for the openssl bug ?
What is Openssl Bug?
Recently Redhat upgraded openssl to version openssl-1.0.2k-23.el7_9.x86_64 , which breaks any apache or nginx servers or other services using the OCSP ssl sapling mechanism.
How to solve this issue?
You need to disable SSL OCSP sapling on your virtual hosts
Steps to Fix it in Cpnginx
Upgrade cpnginx and do the following steps from server shell
# wget -c https://syslintportal.com/downloads/cpnginx-11.7.tar.gz
# tar -xzf cpnginx-11.7.tar.gz
# cd cpnginx-11.7
Now disable OCSP sapling and rebuild vhosts
# touch /etc/cpnginx/disable_ocsp
# nginxctl build vhosts
# nginxctl restart
Soon after a patch from Redhat developers available for the openssl, you can simply remove /etc/cpnginx/disable_ocsp and rebuild vhosts to enable OCSP saplin