OCSP responses inconsistent between different OCSP Servers

Lofesa · October 31, 2016, 2:06pm

Same here starting about 7:44 GMT+1 . As a workaround I use this script to get a good response in to a file and use it whit ssl_stapling_file directive in nginx. The script is only part of the script posted by @Troon here

Script

#!/bin/sh
SITE=$1
LEDIR=/etc/letsencrypt/live
DIR=$LEDIR/$SITE
HOST=ocsp.int-x3.letsencrypt.org
MTO=my-email@example.com

openssl ocsp -no_nonce \
             -respout      $DIR/ocsp.resp.new \
             -issuer       $DIR/chain.pem \
             -verify_other $DIR/chain.pem \
             -cert         $DIR/cert.pem \
             -url http://$HOST/ \
             -header "HOST" "$HOST" > $DIR/ocsp-reply.txt 2>&1

if grep -q ": good" $DIR/ocsp-reply.txt; then
    if cmp -s $DIR/ocsp.resp.new $DIR/ocsp.resp; then
        rm $DIR/ocsp.resp.new
    fi
fi

Topic		Replies	Views
OCSP server returns unauthorized status Issuance Tech	7	5719	December 2, 2016
Responder Error: unauthorized (6) Help	13	7781	January 19, 2020
Ocsp server responses for new certificates Issuance Tech	10	2239	January 6, 2021
Apache - robust OCSP stapling config Help	6	4358	September 26, 2018
OCSP response for our site is not up to date Server	2	1848	December 12, 2016

OCSP responses inconsistent between different OCSP Servers

Related topics