OCSP requests via openssl not working

I’m currently fighting with nginx’s lazy OCSP stapling and trying to get OCSP responses manually with openssl 1.0.2k.

I try to fetch the OCSP response with

openssl ocsp -no_nonce -url "http://ocsp.int-x3.letsencrypt.org" \
  -header "Host" "http://ocsp.int-x3.letsencrypt.org" \
  -respout /some/path/ntzwrk.org.ocsp \
  -issuer /etc/letsencrypt/live/ntzwrk.org/chain.pem \
  -VAfile /etc/letsencrypt/live/ntzwrk.org/chain.pem \
  -cert /etc/letsencrypt/live/ntzwrk.org/cert.pem

which results in

Error querying OCSP responder
140536047384208:error:27076072:OCSP routines:PARSE_HTTP_LINE1:server response error:ocsp_ht.c:314:Code=400,Reason=Bad Request

I worked through different forum threads, but none of the problems seem to be mine. Does anybody have an idea what could cause this “Bad request” error? I saw that there were some issues with OCSP responses lately; is this maybe related to these?

The host header should be set to “ocsp.int-x3.letsencrypt.org” rather than “http://ocsp.int-x3.letsencrypt.org”. Not sure if that’s the issue here, but it seems likely.

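The fix from the reply above, as an added example that is not part of the original posts: the Host header is derived from the responder URL instead of being typed by hand, and the `-header` syntax is chosen to match the OpenSSL version. The function names and the use of `openssl x509 -ocsp_uri` to read the responder URL from the certificate are choices of this example.

```shell
#!/bin/sh
# Added example: build the OCSP query so the Host header can never carry a URL.

# Print host[:port] of an http(s) URL, the only value valid in a Host header.
ocsp_host() {
    h=${1#*://}      # drop the scheme ("http://")
    h=${h%%/*}       # drop the path
    h=${h##*@}       # drop userinfo, if any
    printf '%s\n' "$h"
}

# Print the -header arguments, one per line, for a given `openssl version` string.
# OpenSSL 1.0.x (1.0.2k in the thread) takes name and value as two arguments;
# OpenSSL 1.1.0 and later take a single name=value argument.
# Other builds such as LibreSSL are not handled here.
ocsp_header_args() {
    case $1 in
        "OpenSSL 0."*|"OpenSSL 1.0."*) printf '%s\n' -header Host "$2" ;;
        *)                             printf '%s\n' -header "Host=$2" ;;
    esac
}

# fetch_ocsp CERT CHAIN OUT: query the responder named in CERT, save the reply.
fetch_ocsp() {
    url=$(openssl x509 -noout -ocsp_uri -in "$1") || return 1
    [ -n "$url" ] || { echo "no OCSP URL in $1" >&2; return 1; }
    host=$(ocsp_host "$url")
    # The header arguments are split on whitespace on purpose; a host name
    # contains none. Globbing is switched off while they are expanded.
    set -f
    # shellcheck disable=SC2046
    openssl ocsp -no_nonce -url "$url" \
        $(ocsp_header_args "$(openssl version)" "$host") \
        -issuer "$2" -VAfile "$2" -cert "$1" -respout "$3"
    rc=$?
    set +f
    return $rc
}

# Run only when called with the three file arguments (cert, chain, output).
if [ "$#" -eq 3 ]; then fetch_ocsp "$@"; fi
```

With the paths from the question, the call would be `sh fetch_ocsp.sh cert.pem chain.pem ntzwrk.org.ocsp`, where the script name is hypothetical.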

Oh, that’s totally right, and solved the problem. Might be just too late :smiley:

Sorry and thanks for the quick help :thumbsup:

