OCSP response not successful (6: unauthorized)

I started getting the following error about 24 hours ago, without any changes to my web server, is there something I can do? Any other logs I can look at?

My domain is:
apollo.borealisai.com

I ran this command:
certificate status

It produced this output:
OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 204.237.142.219:80, certificate: "/etc/letsencrypt/fullchain-copy.pem"

My web server is (include version):
nginx latest

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0

Hi @Meidan

checking your domain that's the expected (new) result ( https://check-your-website.server-daten.de/?q=apollo.borealisai.com ).

Why? Your certificate is expired:

CN=apolloapi.borealisai.de
	08.07.2019
	06.10.2019
1 days expired	
apollo.borealisai.com, apolloapi.borealisai.de, www.apollo.borealisai.com - 3 entries

so OCSP returns an unauthorized answer.

Renew your certificate.

2 Likes

thanks! never even thought of checking that, as certificate was on auto renewal, problem was it included an old domain

2 Likes

Certbot 0.39.0 will also prevent this error from appearing in the future. It was updated to not send OCSP requests for certificates that are expired: Certbot 0.39.0 Release

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.