My domain is: https://donald.pragmatika.net (but affects all my servers)
I ran this command:
bash /opt/testssl.sh/testssl.sh --openssl=/etc/nginx/openssl/bin/openssl https://donald.pragmatika.net:443
It produced this output:
First run
Testing server preferences
Has server cipher order? yes (OK) -- TLS 1.3 and below
Negotiated protocol TLSv1.3
Negotiated cipher TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
Cipher order
TLSv1.2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256
TLSv1.3: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256
Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "next protocol/#13172" "supported versions/#43" "key share/#51"
"status request/#5" "max fragment length/#1" "application layer protocol negotiation/#16" "encrypt-then-mac/#22"
"extended master secret/#23"
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support yes
Session Resumption Tickets no, ID: yes
TLS clock skew Random values, no fingerprinting possible
Signature Algorithm SHA256 with RSA
Server key size RSA 4096 bits
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial / Fingerprints 04EC947430A3EEEB16EDD1AA236D14C2F34D / SHA1 1000702603AB4BDFD1C5A6210C48A947CC080A12
SHA256 FD3011B6F9431FE1ED82C5D4D4514ED747C902AAE2DE50B8D77BBA39CEA37586
Common Name (CN) donald.pragmatika.net
subjectAltName (SAN) donald.pragmatika.net
Issuer Let's Encrypt Authority X3 (Let's Encrypt from US)
Trust (hostname) Ok via SAN (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
ETS/"eTLS", visibility info not present
Certificate Validity (UTC) 89 >= 30 days (2020-04-12 17:18 --> 2020-07-11 17:18)
# of certificates provided 2
Certificate Revocation List --
OCSP URI http://ocsp.int-x3.letsencrypt.org
OCSP stapling not offered
OCSP must staple extension requires OCSP stapling (NOT ok)
DNS CAA RR (experimental) available - please check for match with "Issuer" above
issue=letsencrypt.org, issuewild=;
Certificate Transparency yes (certificate extension)
Note: OCSP not firing correctly.
OCSP stapling not offered
OCSP must staple extension requires OCSP stapling (NOT ok)
Second run
Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "status request/#5" "next protocol/#13172" "supported versions/#43"
"key share/#51" "max fragment length/#1" "application layer protocol negotiation/#16" "encrypt-then-mac/#22" "extended master secret/#23"
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support yes
Session Resumption Tickets no, ID: yes
TLS clock skew Random values, no fingerprinting possible
Signature Algorithm SHA256 with RSA
Server key size RSA 4096 bits
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial / Fingerprints 04EC947430A3EEEB16EDD1AA236D14C2F34D / SHA1 1000702603AB4BDFD1C5A6210C48A947CC080A12
SHA256 FD3011B6F9431FE1ED82C5D4D4514ED747C902AAE2DE50B8D77BBA39CEA37586
Common Name (CN) donald.pragmatika.net
subjectAltName (SAN) donald.pragmatika.net
Issuer Let's Encrypt Authority X3 (Let's Encrypt from US)
Trust (hostname) Ok via SAN (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
ETS/"eTLS", visibility info not present
Certificate Validity (UTC) 89 >= 30 days (2020-04-12 17:18 --> 2020-07-11 17:18)
# of certificates provided 2
Certificate Revocation List --
OCSP URI http://ocsp.int-x3.letsencrypt.org
OCSP stapling offered, not revoked
OCSP must staple extension supported
DNS CAA RR (experimental) available - please check for match with "Issuer" above
issue=letsencrypt.org, issuewild=;
Certificate Transparency yes (certificate extension)
Note: OCSP is firing correctly.
OCSP stapling offered, not revoked
OCSP must staple extension supported
My web server is (include version): Nginx 1.17.9
The operating system my web server runs on is (include version): Ubuntu 18.04.3 LTS
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 1.3.0
This is the command I use to (successfully) obtain a certificate:
sudo /opt/certbot/certbot-auto \
certonly \
--agree-tos \
--cert-name $heartbeat_fqdn \
--config-dir /etc/certbot/ \
--domains $heartbeat_fqdn \
--email $certbotemail \
--key-path /etc/certbot/live/$heartbeat_fqdn/ \
--must-staple \
--no-eff-email \
--rsa-key-size 4096 \
--server https://acme-v02.api.letsencrypt.org/directory \
--staple-ocsp \
--webroot \
--webroot-path /var/www/heartbeat/_well-known
Note: OCSP stapling and is set, along with ‘must staple’.
I have an Nginx server and I am aware this might be outside the LE remit, but I’m gradually pulling my hair out over this, so I would greatly appreciate some help in understanding why this is happening.
Overview
When Nginx is restarted and TLS is set up correctly, the first visit to the site - whether it’s testssl.sh
or similar TLS checker - will report broken OCSP stapling. A subsequent test with no other activity taking place will report working OCSP stapling.
If a Firefox-based browser hits the site as the first visitor after an Nginx restart, a MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
error is thrown - OCSP stapling not working. A page refresh resolves this, and subsequent page views work fine. I also tested Mac/Safari and that works first time.
Nginx has primary and secondary resolvers for DNS, both appear to be working, and there’s a 10 second timeout which happens after the error is thrown, so I can only think there’s some sort of OCSP snag that I’m hitting for the (un)lucky first customer that hits the site.
Any advice or feedback very welcome. Thank you in advance.