We're seeing Certificate Revocation Lookup Failure errors all of a sudden today.
We're seeing the problem occurring across dozens of Let's Encrypt certs hosted in multiple AWS regions and accessed from all over the USA.
I'm guessing there's a problem with the CRL/OCSP infrastructure. Anyone else seeing problems?
Are you seeing these CRL failures for this certificate?
ISRG Root X1 signed by DST Root CA X3
If so, that's expected since the CRL for DST Root CA X3 is no longer operational.
No, we already went through the Root expiration fiasco. These are all certs that were deleted and issued brand new on Sept 29 2021, and this issue just started today.
Fingerprint SHA256: 67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd
Pin SHA256: jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=
RSA 2048 bits (e 65537) / SHA256withRSA
ISRG Root X1 Self-signed
Fingerprint SHA256: 96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
Pin SHA256: C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=
RSA 4096 bits (e 65537) / SHA256withRSA
Could you please specify what exact issue you're having? Error messages? Details? Anything?
Office 365 authentication through ADFS Web Application Proxy and also RDP Gateway connections using Let's Encrypt cert are throwing warnings:
And what's the content of "View Certificate"?
It's not a cert issue, just started having problems today.
Have one right now where a colleague is seeing an issue but I'm not.
Looks like it might be a DNS issue with Quad9 resolving OCSP servers.
Authority Info Access
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
I opened a ticket with Quad9 and it looks like they have resolved the issue.
Oct 19, 2021, 19:04 UTC
Thanks for contacting Quad9 support.
We have added *.lencr.org to our permanent allow list. We are pushing the update to all global servers now. If it's not already unblocked for you, it should be within the next 10 minutes.
We apologize for any inconvenience caused.
I wonder why Mastercard flagged this domain as suspicious.
Thank you for getting to the bottom of this issue, @RobBiddle.
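Added example, not code from any poster in this thread: one way to confirm the diagnosis reached above is to pull the OCSP and CA Issuers hostnames out of a certificate's Authority Info Access text and compare how a suspect resolver and a reference resolver answer for each. The sample AIA text, the function names and the choice of 1.1.1.1 as reference resolver are assumptions made for illustration.

```python
import re, secrets, socket, struct
from urllib.parse import urlparse

# Constructed sample of AIA text as a certificate viewer prints it;
# the URL= values are illustrative hostnames under lencr.org.
SAMPLE_AIA = """\
[1]Authority Info Access
     Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
     Alternative Name:
          URL=http://r3.o.lencr.org
[2]Authority Info Access
     Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
     Alternative Name:
          URL=http://r3.i.lencr.org/
"""

def aia_hosts(aia_text):
    """Return the sorted, de-duplicated hostnames found in URL= lines."""
    urls = re.findall(r"URL=(\S+)", aia_text)
    return sorted({urlparse(u).hostname for u in urls})

def query_rcode(host, resolver_ip, timeout=3.0):
    """Send one A query over UDP to resolver_ip.
    Returns the DNS RCODE (0 = NOERROR, 3 = NXDOMAIN) or None on no reply."""
    txid = secrets.randbelow(65536)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in host.split(".")) + b"\x00"
    # Header: id, flags (recursion desired), 1 question; then QTYPE=A, QCLASS=IN
    pkt = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(pkt, (resolver_ip, 53))
            data, _ = s.recvfrom(512)
    except OSError:  # timeout or network unreachable
        return None
    rid, flags = struct.unpack(">HH", data[:4])
    return flags & 0x000F if rid == txid else None

def blocked_hosts(hosts, suspect, reference, lookup=query_rcode):
    """Hosts that fail on the suspect resolver but answer NOERROR on the reference."""
    return [h for h in hosts
            if lookup(h, suspect) != 0 and lookup(h, reference) == 0]

if __name__ == "__main__":
    # 9.9.9.9 is Quad9; 1.1.1.1 is used here as an unfiltered reference (assumption).
    for h in blocked_hosts(aia_hosts(SAMPLE_AIA), "9.9.9.9", "1.1.1.1"):
        print("revocation endpoint not resolvable via suspect resolver:", h)
```

A hostname reported here means clients using the suspect resolver cannot reach the revocation endpoint, which matches the symptom of one user seeing the warning while a colleague on a different resolver does not.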