Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Fix macOS Hanging Issue

Fix macOS Hanging Issue

Problem

Hey Apple users:

If you're now experiencing hangs launching apps on the Mac, I figured out the problem using Little Snitch.

It's trustd connecting to http://ocsp.apple.com

Denying that connection fixes it, because OCSP is a soft failure.

(Disconnect internet also fixes.)

@lapcatsoftware (Tweet)

Solutions

Both of these solutions do the same thing and prevent connections to ocsp.apple.com so your computer doesn't hang anymore. Pick the one that you feel more comfortable with.

Solution 1

The solution involves visually editing your /etc/hosts file with the vi command-line editor. Original source is this tweet, with corrections from replies:

  1. Disconnect Internet (if possible)
  2. Open Terminal
  3. Run sudo vi /etc/hosts
  4. Type G$ (go to end of file)
  5. Type i, right arrow, enter
  6. Type 0.0.0.0 ocsp.apple.com
  7. Press esc then type :x then press enter to save and quit
  8. Reconnect Internet (if you disconnected it)
  9. sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder to flush DNS

Solution 2

This solution has the same effect as the above solution (appending a line to /etc/hosts) and involves only one command. If you're not familiar with the Terminal or vi, you should do this.

  1. Open Terminal
  2. Run echo "127.0.0.1 ocsp.apple.com" | sudo tee -a /etc/hosts to append 127.0.0.1 ocsp.apple.com to the end of /etc/hosts
  3. sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder to flush DNS

Thanks @gnb for this one-liner!

Example /etc/hosts

After you're done, your /etc/hosts file should look something like:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost

# (You might not have everything that's above this line, but your file should end with the line below)
127.0.0.1 ocsp.apple.com

You can type cat /etc/hosts in your Terminal to print the contents of the /etc/hosts file to your screen, if you want to verify.

AFTER Apple Fixes Their Issue

Once Apple fixes this issue upstream, you should get rid of the changes that were made to the /etc/hosts file in the above procedure.

  1. Open Terminal
  2. Run sudo vi /etc/hosts
  3. Type G$ (go to end of file)
  4. Make sure you're on the line that reads 127.0.0.1 ocsp.apple.com (i.e. the line you added). If you aren't, use your up and down arrow keys so your cursor is on that line.
  5. Type dd to delete the line.
  6. Press esc then type :x then press enter to save and quit

Further Reading

If you're curious what the Online Certificate Status Protocol (OCSP) is/the impacts of this change, check out the links below.

You should probably follow the instructions above to get rid of the changes that were made as soon as Apple fixes the issue.

Acknowledgments

  1. Send traffic to 0.0.0.0 instead of 127.0.0.1 from @michaelmior (Source)
  2. Typo in ocsp, original tweet read "oscp" from @ofergayer (Source)
  3. Restarting may not be necessary from @danbenjamin (Source)
  4. Right arrow, not left arrow from @simon (Source)
  5. Alternate one-line solution from @gnb (Source)
@JeffreyCA

This comment has been minimized.

Copy link

@JeffreyCA JeffreyCA commented Nov 13, 2020

There are still several of typos of oscp instead of ocsp in this file.

@lukehinds

This comment has been minimized.

Copy link

@lukehinds lukehinds commented Nov 13, 2020

You don't need to disconnect from the internet

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder will refresh your hosts.

@tralik

This comment has been minimized.

Copy link

@tralik tralik commented Nov 13, 2020

Type G$ (go to end of file)
Type i, right arrow, enter

can be replace with: Type Go

G: go to end of file
o: begin a new line below the cursor and insert text

@angrox

This comment has been minimized.

Copy link

@angrox angrox commented Nov 13, 2020

Solution2 has a wrong syntax for /etc/hosts - the hostname is needed, not the url.

@Emzy

This comment has been minimized.

Copy link

@Emzy Emzy commented Nov 13, 2020

echo "127.0.0.1 http://oscp.apple.com" | sudo tee -a /etc/hosts
is not right. This is:
echo "127.0.0.1 oscp.apple.com" | sudo tee -a /etc/hosts

@martinstoyanov

This comment has been minimized.

Copy link

@martinstoyanov martinstoyanov commented Nov 13, 2020

"Once Apple fixes this issue upstream, you should get rid of the changes that were made to the /etc/hosts file in the above procedure."

Why should we do this?

@dan

This comment has been minimized.

Copy link

@dan dan commented Nov 13, 2020

"Once Apple fixes this issue upstream, you should get rid of the changes that were made to the /etc/hosts file in the above procedure."

Why should we do this?

In theory, you want apple to certify third-party apps when launching them. If you don't care, keep your /etc/hosts changes.

@lysol

This comment has been minimized.

Copy link

@lysol lysol commented Nov 13, 2020

I know you wanted to be the smartest guy in the room, but URLs don't go into /etc/hosts

@nathanhleung

This comment has been minimized.

Copy link
Owner Author

@nathanhleung nathanhleung commented Nov 13, 2020

There are still several of typos of oscp instead of ocsp in this file.

Thanks, fixed this

@nathanhleung

This comment has been minimized.

Copy link
Owner Author

@nathanhleung nathanhleung commented Nov 13, 2020

I know you wanted to be the smartest guy in the room, but URLs don't go into /etc/hosts

Thanks, when copying from Twitter http:// was accidentally appended to the beginning of the hostname. Fixed this

@nathanhleung

This comment has been minimized.

Copy link
Owner Author

@nathanhleung nathanhleung commented Nov 13, 2020

echo "127.0.0.1 http://oscp.apple.com" | sudo tee -a /etc/hosts
is not right. This is:
echo "127.0.0.1 oscp.apple.com" | sudo tee -a /etc/hosts

Thanks, the http:// was inadvertently appended to the beginning of the hostname when copying from Twitter. Fixed this

@nathanhleung

This comment has been minimized.

Copy link
Owner Author

@nathanhleung nathanhleung commented Nov 13, 2020

You don't need to disconnect from the internet

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder will refresh your hosts.

Thanks, removed the instruction to restart and replaced it with that command

@parstra

This comment has been minimized.

Copy link

@parstra parstra commented Nov 13, 2020

I like the one-liner for adding the entry to /etc/hosts file, I think it would be helpful for people to create a backup file with the original version and then restore it instead of entering vi (few people can get out successfully :-p )

You can wrap solution 2 with

sudo cp /etc/hosts{,_old}

in the beginning to create the backup, and

sudo cp /etc/hosts{_old,}

at the end, to restore it.

@slayerwolf00fa

This comment has been minimized.

Copy link

@slayerwolf00fa slayerwolf00fa commented Jan 11, 2021

nice job

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment