Bad response from oscp server

jangraboy0007 · February 10, 2022, 10:13am

[Thu Feb 10 14:55:09.820657 2022] [ssl:error] [pid 100261] [client 49.34.211.224:38280] AH01980: bad response from OCSP server: 302 Moved Temporarily
[Thu Feb 10 14:55:09.820776 2022] [ssl:error] [pid 100261] AH01941: stapling_renew_response: responder error

9peppe · February 10, 2022, 10:23am

Please show us your config. We don't even know what, if any, webserver you're using.

jangraboy0007 · February 10, 2022, 10:42am

ubuntu 18.04
Apache2

9peppe · February 10, 2022, 10:45am

Please show us how you enabled ocsp stapling.

Otherwise, this looks like a good place to start anew: Mozilla SSL Configuration Generator

jangraboy0007 · February 10, 2022, 11:26am

SSL-PARMs.conf

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

9peppe · February 10, 2022, 11:29am

And it doesn't work. Can your server resolve domain names?

jangraboy0007 · February 10, 2022, 11:33am

not understand

9peppe · February 10, 2022, 11:35am

open a shell and run

command letsencrypt.org

where command can be either

resolvectl query
dig a
nslookup

(one or more might work depending on your distro and installed packages. You only need one.)

jangraboy0007 · February 10, 2022, 11:36am

ssasadxds

9peppe · February 10, 2022, 11:37am

It looks ok. I don't know what to tell you.

Osiris · February 10, 2022, 5:35pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

system · March 12, 2022, 5:36pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Bad response from OCSP server Issuance Tech	3	3928	April 9, 2019
OCSP responses inconsistent between different OCSP Servers Help	7	3712	November 30, 2016
OCSP responder Problems? (letsencrypt.org DNS Problem) Help	14	8966	September 2, 2018
OCSP error is taking down my site in firefox Help	19	14140	October 5, 2016
OCSP Error with Firefox (Resolved) Help	4	10384	March 22, 2018

Bad response from oscp server

Related topics