I need urgent help with stopping the letsencrypt.org OCSP requests from being sent when using the Google Cloud load balancer.
I have successfully configured my NGINX server to do OCSP stapling as written and recommended in the letsencrypt documentation.
See the log for proof at the end!
The problem is that when I put my server behind the Google Cloud load balancer,
the OCSP stapling does not work anymore and the OCSP requests are still sent to letsencrypt.org.
How can I solve this problem with OCSP stapling with the Google load balancer?
I searched a lot on the Internet but there is zero information on how this can be done!!!
My question: if there is no possibility to get OCSP stapling on the Google Cloud load balancer, and it looks like there is none, is it then possible to create my own SSL certificate on the web server and sign it using the letsencrypt certificate?
Will this then work in the web browser as a replacement? Could this be a solution, at least so that the requests are not sent anymore to letsencrypt.org but instead to my server when using the Google Cloud load balancer?
And if yes, how can this be done step by step when there is no possibility to get the Google Cloud load balancer to do OCSP stapling?
Is there somebody who has the same setup with a letsencrypt certificate, OCSP stapling and the Google Cloud load balancer, and how do you solve this problem?
Please help me with this OCSP stapling problem when using the Google Cloud load balancer!
Thank you in advance!
Best regards, Romeo
Log of my server that does successful OCSP stapling without the Google Cloud load balancer:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
Produced At: May 28 01:10:00 2020 GMT
Hash Algorithm: sha1
Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
Serial Number: 04638B3DBBDB426484E25D816B31BEB0F560
Cert Status: good
This Update: May 28 01:00:00 2020 GMT
Next Update: Jun 4 01:00:00 2020 GMT
Signature Algorithm: sha256WithRSAEncryption
Log of the server running behind the Google Cloud load balancer, which clearly shows that OCSP stapling is not working when using the balancer and all requests are sent to letsencrypt.org, which is bad!
OCSP response: no response sent
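
A client-side check that tells the two situations in the logs above apart, and also catches a staple that is present but expired or not "good". This is an added example, not part of the original post: it assumes the logs are the text printed by `openssl s_client -status`, and `staple_state` and the sample strings are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed samples shaped like the two logs in the post (fields abbreviated).
STAPLED = """OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good
    This Update: May 28 01:00:00 2020 GMT
    Next Update: Jun  4 01:00:00 2020 GMT
"""
NOT_STAPLED = "OCSP response: no response sent\n"


def _field(text, name):
    """Return the value of a 'Name: value' line, or None if it is absent."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None


def _when(value):
    # OpenSSL pads single-digit days with a space ("Jun  4"); collapse it first.
    stamp = " ".join(value.split())
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def staple_state(text, now):
    """Classify the OCSP section of handshake output at time `now` (UTC)."""
    if "no response sent" in text or "OCSP Response Data:" not in text:
        return "missing"            # the TLS terminator did not staple anything
    status = _field(text, "OCSP Response Status") or ""
    if not status.startswith("successful"):
        return "responder-error"    # staple carries an error, not a cert status
    if _field(text, "Cert Status") != "good":
        return "not-good"           # revoked or unknown
    this_u, next_u = _field(text, "This Update"), _field(text, "Next Update")
    if not this_u or not next_u:
        return "unparseable"
    if not (_when(this_u) <= now <= _when(next_u)):
        return "stale"              # outside the validity window clients enforce
    return "good"


if __name__ == "__main__":
    now = datetime(2020, 5, 30, tzinfo=timezone.utc)
    for label, sample in (("direct", STAPLED), ("behind LB", NOT_STAPLED)):
        print(label, "->", staple_state(sample, now))
```

Feeding it the captured output for the origin server and for the load balancer address shows which TLS endpoint is the one failing to staple.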