Ocsp.int-x3.letsencrypt.org SSL_ERROR_BAD_CERT_DOMAIN

Hi,
I’m trying to set up OCSP, but when I check ocsp.int-x3.letsencrypt.org the certificate seems to be configured for Akamai and not for “ocsp.int-x3.letsencrypt.org”.

I get this when checking on Firefox:

Every question about OCSP seems to be using HTTP, which seems kind of strange, am I doing something wrong?

Thanks for the feedback,
Bruno

Hi @brunoproduit,

I believe the OCSP standard requires that OCSP queries be supported over HTTP and not HTTPS. I think it’s permitted, but not required by standards, to support OCSP queries over HTTPS. It appears that Let’s Encrypt simply does not support performing OCSP queries over HTTPS.

Akamai is the CDN that handles some parts of Let’s Encrypt’s infrastructure, including the OCSP responder.

Hi,

I’m going to do it over HTTP then. I’m surprised that Akamai did not configure the cert to the good domain even if they handle the requests…

Anyway, thanks for your response!

Probably we didn't ask them to, so I don't think it's Akamai's fault. 🙂

I think the right thing to do in this situation is to ask Akamai not to respond to HTTPS requests, i.e. shut down the server on port 443. It’s the same as with LE IPv6/IPv4 preference: should one be assigned, it must work.

If, according to your statement, OCSP is permitted over HTTPS, then if enabled it should work.
