Due to some conflicting installations of third-parties software in my Ubuntu 18.04.01 Server Edition I needed to wipe everything out and reinstall Ubuntu again (no network connection anymore).
I kept a copy of /etc/ssl/certs folder and /etc/letsenctypt folder , both of which I copied into the freshly installed U_buntu 18.04.01 Server system.
After reinstalling nginx server I checked its status and this is the output:
marco@pc:~$ sudo systemctl status nginx
β nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2019-07-31 18:45:54 CEST; 5min ago
Docs: man:nginx(8)
Process: 980 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited,
status=0/SUCCESS)
Process: 932 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited,
status=0/SUCCESS)
Main PID: 994 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
ββ 994 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
ββ 998 nginx: worker process
ββ1000 nginx: worker process
ββ1006 nginx: worker process
ββ1007 nginx: worker process
ββ1008 nginx: worker process
ββ1009 nginx: worker process
ββ1010 nginx: worker process
ββ1011 nginx: worker process
Jul 31 18:45:54 pc systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 31 18:45:54 pc nginx[932]: nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder
"ocsp.int-x3.letsencrypt.org" in the certificate "/etc/ssl/certs/chained.pem"
Jul 31 18:45:54 pc nginx[980]: nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder
"ocsp.int-x3.letsencrypt.org" in the certificate "/etc/ssl/certs/chained.pem"
Jul 31 18:45:54 pc systemd[1]: Started A high performance web server and a reverse proxy server.
After reading this similar request: Host not found in OCSP responder [nginx]
I checked if the server can talk to 8.8.8.8 :
marco@pc:~$ dig @8.8.8.8 ocsp.int-x3.letsencrypt.org
; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> @8.8.8.8 ocsp.int-x3.letsencrypt.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9840
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ocsp.int-x3.letsencrypt.org. IN A
;; ANSWER SECTION:
ocsp.int-x3.letsencrypt.org. 1730 IN CNAME ocsp.int-x3.letsencrypt.org.edgesuite.net.
ocsp.int-x3.letsencrypt.org.edgesuite.net. 18664 IN CNAME a771.dscq.akamai.net.
a771.dscq.akamai.net. 19 IN A 88.221.111.72
a771.dscq.akamai.net. 19 IN A 88.221.111.88
;; Query time: 58 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 31 18:52:42 CEST 2019
;; MSG SIZE rcvd: 174
marco@pc:~$ getent hosts ocsp.int-x3.letsencrypt.org
2a02:26f0:ad::58dd:6f58 a771.dscq.akamai.net ocsp.int-x3.letsencrypt.org ocsp.int-
x3.letsencrypt.org.edgesuite.net
2a02:26f0:ad::58dd:6f48 a771.dscq.akamai.net ocsp.int-x3.letsencrypt.org ocsp.int-
x3.letsencrypt.org.edgesuite.net
What is the problem which causes nginx: [warn] βssl_staplingβ ignored, host not found in OCSP responder βocsp.int-x3.letsencrypt.orgβ in the certificate β/etc/ssl/certs/chained.pemβ ?
Marco