hi,

> The error message suggests there is something wrong with DNS on> your host.
> If this happens only on boot but not when you restart/reload nginx
> after boot,

ah. testing, yep, that does seem to be the case

> this might indicate that DNS is not yet properly
> available when nginx starts. One possible reason is that nginx
> systemd service is not properly configured to depend on DNS being
> available: for nginx to start properly you may want to ensure that
> there is Wants= and After= dependency on network-online.target,
> and After= dependency on nss-lookup.target, see nginx.service as
> shipped by nginx.org nginx packages[1] for an example.

i'd added/use unbound as local resolver.

changing both

edit /etc/systemd/system/nginx.service
- After=network-online.target
- Wants=network-online.target
+ After=network-online.target nss-lookup.target unbound.target
+ Wants=network-online.target nss-lookup.target unbound.target

and

edit /etc/systemd/system/nginx.service
- networks: files dns
+ networks: dns files

does the trick.

i wasn't noticing any DNS issues anywhere (else); just this ocsp fail. good catch, thx!

o/
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx