Host not found in OCSP responder [nginx]

Hey guys.

I set up a domain hosted on GCP. All’s going fine, but I can’t seem to get OCSP working. Nginx complains saying "ssl_stapling" ignored, host not found in OCSP responder "" in the certificate "/etc/letsencrypt/live/<domain>/fullchain.pem".

Here is the config so far.

ssl_stapling                on;
ssl_stapling_verify         on;
ssl_trusted_certificate     /etc/letsencrypt/live/<domain>/chain.pem;
resolver           valid=43200s;

I can verify that OCSP is working when the client fetches it, as the test succeeds in Qualys SSL test. I can also ping and verify the chain from my servers CLI (openssl ocsp -issuer chain.pem -cert fullchain.pem -text -url
Domain is, if that helps
I am kinda new to this and am learning along the way (domains, servers, HTTPS, keys etc…). What could I be missing?

This is a DNS failure within nginx. Can your server definitely talk to

dig @
getent hosts

DIG response:

; <<>> DiG 9.11.4-3ubuntu5.3-Ubuntu <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29527
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 512
;   IN      A

;; ANSWER SECTION: 454 IN     CNAME 1735 IN CNAME   19      IN      A   19      IN      A

;; Query time: 21 msec
;; WHEN: Tue May 07 07:46:11 UTC 2019
;; MSG SIZE  rcvd: 174

Hosts file:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.