Welcome! Log In Create A New Profile

Advanced

"ssl_stapling" ignored warning on boot with LE certs?

pgn
February 15, 2023 12:26PM
i run

nginx -v
nginx version: nginx/1.23.3 (Local Build)

nginx is launched on boot with a systemd service

my site's ssl enabled, using letsencrypt certs

in my boot logs, i see

Feb 15 11:54:03 svr017 nginx[912]: nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org/" in the certificate "/sec/svr017/fullchain.ec.crt.pem"

nginx site config includes

ssl_trusted_certificate "/sec/svr017/intermediate_ca.ec.crt.pem";
ssl_certificate "/sec/svr017/fullchain.ec.crt.pem";
ssl_certificate_key "/sec/svr017/priv.ec.key";


ssl_stapling on;
ssl_stapling_verify on;
ssl_ocsp on;
ssl_ocsp_cache shared:OCSP:10m;
ssl_stapling_responder http://r3.o.lencr.org/;
ssl_ocsp_responder http://r3.o.lencr.org/;

checking the cert

openssl x509 -noout -text -in /sec/svr017/fullchain.ec.crt.pem | grep -i ocsp -A2 -B1
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:

from the host

dig A r3.o.lencr.org +short
o.lencr.edgesuite.net.
a1887.dscq.akamai.net.
23.215.130.112
23.215.130.106
23.215.130.113
23.215.130.88

telnet -4 r3.o.lencr.org 80
Trying 23.63.77.32...
Connected to r3.o.lencr.org.
Escape character is '^]'.

curl -Ii http://r3.o.lencr.org/
HTTP/1.1 200 OK
Server: nginx
Content-Length: 0
Cache-Control: max-age=5863
Expires: Wed, 15 Feb 2023 18:52:39 GMT
Date: Wed, 15 Feb 2023 17:14:56 GMT
Connection: keep-alive

is this warning due to a nginx misconfig? or a cert issue?
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

"ssl_stapling" ignored warning on boot with LE certs?

pgn February 15, 2023 12:26PM

Re: "ssl_stapling" ignored warning on boot with LE certs?

Maxim Dounin February 16, 2023 09:00AM

Re: "ssl_stapling" ignored warning on boot with LE certs?

pgn February 16, 2023 09:24AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 77
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready