OCSP response not successful (6: unauthorized)

I started getting the following error about 24 hours ago, without any changes to my web server, is there something I can do? Any other logs I can look at?

My domain is:
apollo.borealisai.com

I ran this command:
certificate status

It produced this output:
OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 204.237.142.219:80, certificate: "/etc/letsencrypt/fullchain-copy.pem"

My web server is (include version):
nginx latest

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0

Hi @Meidan

checking your domain that's the expected (new) result ( https://check-your-website.server-daten.de/?q=apollo.borealisai.com ).

Why? Your certificate is expired:

CN=apolloapi.borealisai.de
	08.07.2019
	06.10.2019
1 days expired	
apollo.borealisai.com, apolloapi.borealisai.de, www.apollo.borealisai.com - 3 entries

so OCSP returns an unauthorized answer.

Renew your certificate.

thanks! never even thought of checking that, as certificate was on auto renewal, problem was it included an old domain

Certbot 0.39.0 will also prevent this error from appearing in the future. It was updated to not send OCSP requests for certificates that are expired: Certbot 0.39.0 Release

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.