Greetings to all.
I have an installation of HAProxy and am getting a certificate error when I attempt to load my website in Firefox, all other websites are working but this is affecting traffic (as anyone using Firefox can't visit the site). This error appears to be related to OCSP stapling.
I have tried many ways to generate the OCSP request and I am always getting "Responder Error: unauthorized (6)". I have read that this generally means the OCSP response isn't from the same URI that generated the certificate, but I've tried them all, and don't seem to be getting anywhere.
Here is my most recent attempt, I've removed my domain for obvious reasons.
openssl ocsp -no_nonce -respout /etc/haproxy/ssl/mydomain.pem.ocsp -issuer /etc/letsencrypt/live/mydomain.com/chain.pem -verify_other /etc/letsencrypt/live/mydomain.com/chain.pem -cert /etc/letsencrypt/live/mydomain.com/cert.pem -url http://ocsp.int-x3.letsencrypt.org/ -header host=ocsp.int-x3.letsencrypt.org
When my certificate was generated, the flags "--must-staple --staple-ocsp" where used. Could that be adding to my issues?
Any help would be greatly appreciated.