OCSP r3.o.lencr.org is not working in China for

There is a specific host of r3.o.lencr.org that is blocked in mainland China, when the DNS resolution to (Akamai HK).

Can you check it out?

Maybe something similar to Ocsp.int-x3.letsencrypt.org is not working in China - #32 by ezekiel

@ezekiel @ranrub

meanwhile you wait for staff to fix that, try stapling OCSP response (you don't say what's your webserver is so I can't say how to do that)


That probably won't work either if the webserver is in China.

1 Like

I assume vpn is standard practice for devs in chain: github is blocked there


For dev machines, I think. But for production servers?


thanks for the advice, but I already staple. It is my IoT client that insists having an available OCSP responder

1 Like

Perhaps you could use a hosts file on the IoT client to redirect r3.o.lencr.org/ to a caching OCSP proxy you control?


I didn't put a hosts editing functionality in my IoT.
btw, even though my stack is taking the responder availability quite hard, that doesn't mean that web browsers are not affected. The responder is expected to work even with stapling

Updating here that I opened a ticket with Akamai.
r3.o.lencr.org is served by Akamai's CDN (property o.lencr.edgesuite.net) both in China and the RoW.
I'm running tests to see what is the exact resolution path of r3.o.lencr.org to

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.