I constantly get errors like this in my nginx errorlog:
2017/05/03 21:01:27 [error] 27909#27909: OCSP responder sent invalid “Content-Type” header: “text/html; charset=utf-8” while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org
Sniffing with wireshark shows that the failed request tried to get the ocsp response from:
The response is an “HTTP/1.0 301 Moved Permanently” which redirects to this location via location header:
The supplied Content-Type header is “text/html; charset=utf-8”, which makes nginx fail.
If I try this second request using wget I get an HTTP 400 error back.
My errorlog is constantly filling up and I suspect ocsp stapling will stop working for at least one of my domains, once the last valid response times out.