Welcome! Log In Create A New Profile

Advanced

Re: "ssl_stapling" ignored warning on boot with LE certs?

pgn
February 16, 2023 09:24AM
hi,

> The error message suggests there is something wrong with DNS on> your host.
> If this happens only on boot but not when you restart/reload nginx
> after boot,

ah. testing, yep, that does seem to be the case

> this might indicate that DNS is not yet properly
> available when nginx starts. One possible reason is that nginx
> systemd service is not properly configured to depend on DNS being
> available: for nginx to start properly you may want to ensure that
> there is Wants= and After= dependency on network-online.target,
> and After= dependency on nss-lookup.target, see nginx.service as
> shipped by nginx.org nginx packages[1] for an example.

i'd added/use unbound as local resolver.

changing both

edit /etc/systemd/system/nginx.service
- After=network-online.target
- Wants=network-online.target
+ After=network-online.target nss-lookup.target unbound.target
+ Wants=network-online.target nss-lookup.target unbound.target

and

edit /etc/systemd/system/nginx.service
- networks: files dns
+ networks: dns files

does the trick.

i wasn't noticing any DNS issues anywhere (else); just this ocsp fail. good catch, thx!

o/
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

"ssl_stapling" ignored warning on boot with LE certs?

pgn February 15, 2023 12:26PM

Re: "ssl_stapling" ignored warning on boot with LE certs?

Maxim Dounin February 16, 2023 09:00AM

Re: "ssl_stapling" ignored warning on boot with LE certs?

pgn February 16, 2023 09:24AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 81
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready