http://ocsp.int-x3.letsencrypt.org/ is not working in hongkong. [image]

@Phil , thanks for your answer, any news on this? We’ve been trying to bug Akamai about this as well :slight_smile:

@ranrub Unfortunately no good solution has been created yet. We’re still active on our Akamai ticket.

Further researching this, this looks to be a pure DNS problem. When dig is run out outside china, i get an ip address that is reachable from within china. So, this is specifically a DNS problem from within China: ran@Rans-MacBook-Pro ~ % dig ocsp.int-x3.letsencrypt.org ; <<>> DiG 9.10.6 <<>> ocsp.…

@Phil any news on this issue? Thanks!

Our CDN provider shares the conclusion other folks on this thread have reached, that it appears to be a problem caused by the Great Firewall interfering with DNS. We probably cannot work around this issue on our end. A couple of possible workarounds for clients that you control: If you configure a…

@jsha , I’m sorry but I do not control the clients. My customer in this case is an IOT provider of smart devices running a hardened realtime OS, they can’t patch them. Look at the answer section in the call from China: ;; ANSWER SECTION: ocsp.int-x3.letsencrypt.org. 5580 IN CNAME ocsp.int-x3.letsenc…

[image] ranrub: they would have blocked x1,x2,x4 as well These receive no traffic to begin with, as they are for retired or backup issuers. No reason to block something that's not used. But changing the CNAME does sound like a good idea in theory, if they haven't tried it already.

[image] ranrub: I believe Akamai can fix this, by changing the slot number (a771) to one that is not being interfered with. This is a good idea, we'll ask about this.

@jsha / @_az any news about this? Thanks! Ran

Ocsp.int-x3.letsencrypt.org is not working in China

Help

jsha May 19, 2020, 1:55am 24

Currently waiting on an update from Akamai.

Topic		Replies	Views
OCSP responder Problems? (letsencrypt.org DNS Problem) Help	14	9151	September 2, 2018
OCSP r3.o.lencr.org is not working in China for 184.50.87.27 Help	9	999	May 26, 2022
OSCP servers are inaccesible from some servers Issuance Tech	16	5900	December 11, 2017
All letsencrypt certificate show revocation erro information Help	27	3820	May 21, 2020
OCSP Request failed with following message Help	78	16918	March 24, 2018

Ocsp.int-x3.letsencrypt.org is not working in China

Related topics