I’m getting 2 errors every minute in our websites nginx error log, for the past 2 days.
ocsp.int-x3.letsencrypt.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, certificate: "/data/disk/o1/config/server_master/ssl.d/mydomain.com/openssl_chain.crt
There are lots of posts out there suggesting turning off stapling/OCSP but this surely is just a connection issue not a software issue? So i tried this, both on my local pc and on the server in question… curl -6 -IL ocsp.int-x3.letsencrypt.org
both times i got curl: (7) Couldn't connect to server
What does running these two commands on your affected server show?
dig ocsp.int-x3.letsencrypt.org AAAA
dig @8.8.8.8 ocsp.int-x3.letsencrypt.org AAAA
To be 100% clear: does your server have a working IPv6 configuration? You're using curl -6 to debug which indicates yes but I want to make sure that was the case.
@JamesLE Can you suggest any further debugging steps?
Hmm. This error indicates you aren’t able to contact the recursive resolver you have configured in your nginx settings (8.8.8.8) and makes it seem like your server has general networking problems beyond anything specific to Let’s Encrypt.
Can you share the output of these commands run on the server?:
Did you run the curl -I http://example.com command I asked about as well?
It might be that your server has general connectivity issues with the Internet generally and 1.1.1.1 won't work either. Edit: I see now you shared it and it did seem to work.
Switching to 1.1.1.1 might solve your problem but its pretty curious you can't reach 8.8.8.8 - that might be a symptom of a larger problem.
Most definitely, although I’m not sure what that could be at this point, I’m using a bundled install for this project. ill try the resolver change for now and come back.