[Thu Feb 10 14:55:09.820657 2022] [ssl:error] [pid 100261] [client 49.34.211.224:38280] AH01980: bad response from OCSP server: 302 Moved Temporarily
[Thu Feb 10 14:55:09.820776 2022] [ssl:error] [pid 100261] AH01941: stapling_renew_response: responder error
Please show us your config. We don't even know what, if any, webserver you're using.
ubuntu 18.04
Apache2
Please show us how you enabled ocsp stapling.
Otherwise, this looks like a good place to start anew: Mozilla SSL Configuration Generator
SSL-PARMs.conf
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
And it doesn't work. Can your server resolve domain names?
not understand
open a shell and run
command letsencrypt.org
where command
can be either
resolvectl query
dig a
nslookup
(one or more might work depending on your distro and installed packages. You only need one.)
ssasadxds
It looks ok. I don't know what to tell you.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.