Bad response from OCSP server

[Thu Feb 10 14:55:09.820657 2022] [ssl:error] [pid 100261] [client 49.34.211.224:38280] AH01980: bad response from OCSP server: 302 Moved Temporarily
[Thu Feb 10 14:55:09.820776 2022] [ssl:error] [pid 100261] AH01941: stapling_renew_response: responder error

Please show us your config. We don't even know what, if any, webserver you're using.


ubuntu 18.04
Apache2

Please show us how you enabled OCSP stapling.

Otherwise, this looks like a good place to start anew: Mozilla SSL Configuration Generator

SSL-PARMs.conf

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

And it doesn't work. Can your server resolve domain names?


I don't understand.

Open a shell and run

command letsencrypt.org

where command can be either

  • resolvectl query
  • dig a
  • nslookup

(one or more might work depending on your distro and installed packages. You only need one.)

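The lookup described in the post above, written as a script. This is an added example, not part of the original thread: it tries the three commands in the order listed and uses the first one that is installed. The function names and the `RESOLVERS` variable are assumptions of this example.

```sh
#!/bin/sh
# Added example: DNS check with whichever lookup tool is installed.
# Candidate commands, in the order listed in the post above.
RESOLVERS="resolvectl dig nslookup"

# Print the first command from the argument list that exists on this system.
first_available() {
    for tool in "$@"; do
        if command -v "$tool" >/dev/null 2>&1; then
            printf '%s\n' "$tool"
            return 0
        fi
    done
    return 1
}

# Resolve a host name; return 0 only if the tool produced an answer,
# 2 if none of the candidate tools is installed.
check_dns() {
    host=$1
    tool=$(first_available $RESOLVERS) || {
        echo "none of these is installed: $RESOLVERS" >&2
        return 2
    }
    case $tool in
        resolvectl) out=$(resolvectl query "$host" 2>&1) ;;
        # dig exits 0 even when the name does not exist, so also
        # require that +short printed at least one record.
        dig)        out=$(dig +short a "$host" 2>&1) && [ -n "$out" ] ;;
        nslookup)   out=$(nslookup "$host" 2>&1) ;;
    esac
    rc=$?
    printf '[%s] %s\n%s\n' "$tool" "$host" "$out"
    return $rc
}

# Run only when a host name is given, e.g.: sh check_dns.sh letsencrypt.org
if [ $# -gt 0 ]; then
    check_dns "$1"
fi
```

A non-zero exit status means the lookup failed or no tool was found; the printed output shows which command was used.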

ssasadxds

It looks ok. I don't know what to tell you.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
