I have my certificate in place, it seems to be working and I'm very happy about that.
To that end:
openssl x509 -noout -text -in mycert.pem
produces the following out:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:9c:c6:e3:35:fe:8d:49:15:a2:43:33:40:18:a3:23:fd:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Validity
Not Before: Sep 1 15:33:31 2020 GMT
Not After : Nov 30 15:33:31 2020 GMT
Subject: CN = my.host.name
.
.
.
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
So far so good....
Now you will note that I'm about one month into the 3 month window... so, this is not a "new" cert.
For no other reson than I'm learning how to check certificate validity (ie: I'm not concerned that my certificate has been revoked)
$ openssl ocsp -issuer chain.pem -cert my.host.name.pem -text -url http://ocsp.int-x3.letsencrypt.org
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
Issuer Key Hash: 4E7F741369B25D38BBB6A938CABE9C73A1B2B02A
Serial Number: 039CC6E335FED415A243334018A323FD7C
Request Extensions:
OCSP Nonce:
04103238D6BBDA1C0E8234E895DB8E84033D
Responder Error: unauthorized (6)
I have used the process of building the chain to verify a certificate that uses CRL is valid, so I believe that my chain process works correctly.
Is it me?
Is it http://ocsp.int-x3.letsencrypt.org?
Any thoughts would be welcomed.