Certbot OCSPResponseStatus.UNAUTHORIZED

My domain is: forums.bluebear.network

I ran this command: sudo certbot certificates

It produced this output:
Invalid OCSP response status for /etc/letse ncrypt/live/bluebear.network/cert.pem: OCSPResponseStatus.UNAUTHORIZED
Invalid OCSP response status for /etc/letsencrypt/live/forums.bluebear.network/cert.pem: OCSPResponseStatus.UNAUTHORIZED

My web server is (include version): Nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: - Proxmox VM on Dedicated Server by Zade Servers

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot 0.35.0

Is it safe to just chmod 777?

There isn’t an issue with the file permissions. You don’t need to chmod anything. The “unauthorized” status is the OCSP response.

What’s the complete output of “sudo certbot certificates”?

The response “unauthorized” is returned in cases where the client is not authorized to make this query to this server or the server is not capable of responding authoritatively (cf. [RFC5019], Section 2.2.3).

Unauthorized is corroborated when using crt.sh as the OCSP client for the most recent certificate of that domain: https://crt.sh/?id=1557308103&opt=ocsp

Hopefully the ops people will see it on their graphs …

That certificate expired a week ago – unauthorized is probably intentional.

1 Like

Oh yeah, didn’t notice the expiry. That also reminds me that this has been discussed before and resulted in this issue: https://github.com/certbot/certbot/issues/7152 . The Certbot error message seems to have changed again.

2 Likes