OCSP responder timed out

I need help. I have tried changing the syntax of my nginx config to activate OCSP,
but it failed.
Any suggestions?

OS: Linux Server 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

IPv6 is disabled (sysctl) and not configured on the Ethernet interface.

DNS: OpenNIC (also tried other DNS: cloudflared, Google, OpenDNS)

My IP (IPv4) is dynamic, from my ISP MEO.

Nginx: nginx version: nginx/1.14.0 (Ubuntu)

ssl.conf

ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_responder http://ocsp.int-x3.letsencrypt.org;

nginx.conf

resolver 127.0.0.1 valid=300s ipv6=off;
resolver_timeout 5s;

Test with curl:

curl -6 -I ocsp.int-x3.letsencrypt.org
curl: (7) Couldn't connect to server

curl -4 -I ocsp.int-x3.letsencrypt.org
HTTP/1.1 200 OK
Server: nginx
Content-Length: 0
Cache-Control: max-age=29927
Expires: Fri, 24 May 2019 20:22:12 GMT
Date: Fri, 24 May 2019 12:03:25 GMT
Connection: keep-alive

nginx error.log:

2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp request
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp request length 116, escape 7
2019/05/24 11:37:17 [debug] 30963#30963: resolve: "ocsp.int-x3.letsencrypt.org
2019/05/24 11:37:17 [debug] 30963#30963: resolve: "ocsp.int-x3.letsencrypt.org" A 56272
2019/05/24 11:37:17 [debug] 30963#30963: resolver qs:ocsp.int-x3.letsencrypt.org
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp resolve handler
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp connect
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp connect peer done
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp write handler
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp read handler
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp process status line
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp status 200 "200 OK"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp process headers
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Server: nginx"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Content-Type: application/ocsp-response"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Content-Length: 527"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "ETag: "1189631915F31866D2B3DB78008037E7C3BCE097629A332A7A93642F9C44572C""
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Last-Modified: Wed, 22 May 2019 14:00:00 UTC"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Cache-Control: public, no-transform, must-revalidate, max-age=15881"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Expires: Fri, 24 May 2019 15:01:58 GMT"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Date: Fri, 24 May 2019 10:37:17 GMT"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Connection: close"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp process body
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp dummy handler
2019/05/24 11:38:17 [debug] 30963#30963: ssl ocsp read handler
2019/05/24 11:38:17 [error] 30963#30963: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 95.101.72.151:80, certificate: "/etc/letsencrypt/live/domian/fullchain.pem"
2019/05/24 11:38:17 [debug] 30963#30963: ssl ocsp error
2019/05/24 11:38:17 [debug] 30963#30963: ssl ocsp done
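
Added example (not part of the original post): a small Python parser that summarizes each OCSP stapling fetch in an nginx debug log like the one above and reports how far the fetch got before the timeout. The function name `summarize`, the field names and the abridged sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: abridged lines in the format of the error.log above.
SAMPLE_LOG = """\
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp request
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp connect peer done
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp status 200 "200 OK"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp header "Content-Length: 527"
2019/05/24 11:37:17 [debug] 30963#30963: ssl ocsp process body
2019/05/24 11:38:17 [error] 30963#30963: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 95.101.72.151:80, certificate: "/etc/letsencrypt/live/domian/fullchain.pem"
2019/05/24 11:38:17 [debug] 30963#30963: ssl ocsp done
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[\w+\] (\d+)#\d+: (.*)$")
QUOTES = str.maketrans("\u201c\u201d", '""')  # undo curly quotes added by forum rendering

def summarize(log_text):
    """Return one dict per OCSP stapling fetch found in an nginx debug log."""
    fetches, done = {}, []
    for raw in log_text.translate(QUOTES).splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if msg == "ssl ocsp request":  # a new fetch starts in this worker
            fetches[pid] = {"start": ts, "stage": "request", "status": None,
                            "content_length": None, "timed_out": False, "peer": None}
        f = fetches.get(pid)
        if f is None:
            continue
        status = re.match(r"ssl ocsp status (\d+)", msg)
        length = re.match(r'ssl ocsp header "Content-Length: (\d+)"', msg)
        if msg.startswith("ssl ocsp connect"):
            f["stage"] = "connect"
        elif status:
            f["stage"], f["status"] = "headers", int(status.group(1))
        elif length:
            f["content_length"] = int(length.group(1))
        elif msg == "ssl ocsp process body":
            f["stage"] = "body"
        elif msg.startswith("OCSP responder timed out"):
            peer = re.search(r"peer: ([^,]+)", msg)
            f["timed_out"], f["peer"] = True, peer.group(1) if peer else None
        elif msg == "ssl ocsp done":  # fetch finished, successfully or not
            f["elapsed_s"] = int((ts - f["start"]).total_seconds())
            done.append(fetches.pop(pid))
    return done
```

For the sample, the summary shows that DNS resolution, the connect and the response headers (status 200, Content-Length 527) all completed, and that the fetch then sat in the body stage for 60 seconds before the timeout was logged.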
