When making a change to an nginx web server running on Ubuntu, I tested the nginx configuration and received the following warning:
nginx: [warn] “ssl_stapling” ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org/”
I’d set up the web server a few months ago and had been updating the nginx configuration without seeing this warning until yesterday.
I started poking around and tested OCSP using openssl.
I ran the following command:
sudo openssl ocsp -issuer chain.pem -cert tm.pem -text -url http://ocsp.int-x3.letsencrypt.org/
with the following results
OCSP Request Data: Version: 1 (0x0) Requestor List: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1 Serial Number: 03BD1754FBA80442EFE1CE2735DC96C598CF Request Extensions: OCSP Nonce: 0410DC5C7354CF0C9838F66506F58A081AE3 Error connecting BIO Error querying OCSP responder 140605810423448:error:2006A066:BIO routines:BIO_get_host_ip:bad hostname lookup:b_sock.c:146:host=ocsp.int-x3.letsencrypt.org
The website seems to work fine.
I can’t find much info about the error. I don’t know what changed.