How to solve OCSP_check_validity() error?

SimBioT · October 16, 2018, 9:35am

On my server I have an API with hundreds requests per second and every day I get an error in my Nginx error.log:
OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org

I tried to disable ssl_stapling but it does not work.

My web server is: nginx/1.14.0 (latest stable)

The operating system my web server runs on is (include version): Ubuntu 16.04.5 LTS (xenial)

My hosting provider is: OVH.com

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site: no

_az · October 16, 2018, 10:13am

Is your server’s date correct? Do you have an ntp service running?

SimBioT · October 16, 2018, 11:01am

Date is correct but I have no ntp service

_az · October 16, 2018, 8:26pm

What does this show:

timedatectl status

and for comparison:

curl -i letsencrypt.org 2>&1 | grep Date

The only other thing I can think of that would cause this is if the OCSP service was actually serving stale results, but we'd need to know what the domain is and where you're querying from to figure that part out. That did happen in the past, but it was widely reported by many users.

Topic		Replies	Views
OCSP_check_validity() failed Help	3	4308	January 11, 2017
OCSP responder problems Help	6	4838	February 7, 2021
OCSP responder timed out Help	1	2299	June 23, 2019
NGINX OCSP not responding Server	4	3595	January 9, 2016
Connection refused while requesting certificate status Help	10	7398	September 12, 2020

How to solve OCSP_check_validity() error?

Related topics