Hey folks; searching the forums, I see that this is a problem which has occurred in the past and the admins have been stomping down on the root-cause triggers each time.
For the Exim MTA project’s mailhub, we use a Let’s Encrypt cert, DNS:hummus.csx.cam.ac.uk, DNS:mx.exim.org; we refetch an OCSP staple via a cron job every two days and also immediately after renewing the cert (a monthly cron job).
Since the latest renew, we’re getting Responder Error: unauthorized (6) from openssl ocsp; this is 100% reproducible … reading the previous forum responses, I’m guessing it’s a cached error?
Is this anything we’ve done wrong to trigger it? Would a sleep N between getting the new cert and requesting the first OCSP staple for it help reduce the likelihood of problems? Anything we can do to get this resolved, other than my posting here?
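
An added example, not part of the original post and not the Exim project's cron job: a staple refresh that retries with a growing delay and keeps the previous staple until `openssl ocsp` reports a good response. The function names, retry count and delays are assumptions.

```shell
#!/bin/sh
# Added example: refresh an OCSP staple without letting a failed fetch replace it.
# Function names, retry count and delays are assumptions, not the Exim project's job.

# Query the responder named in the certificate; the DER response goes to $3,
# openssl's text report goes to stdout.
fetch_ocsp() {  # fetch_ocsp CERT ISSUER_CHAIN OUTFILE
    local url
    url=$(openssl x509 -noout -ocsp_uri -in "$1") || return 1
    openssl ocsp -no_nonce -issuer "$2" -cert "$1" -url "$url" -respout "$3" 2>&1
}

# Map the text printed by `openssl ocsp` to one word. First match wins, so a
# response that failed signature verification is never reported as good.
classify_ocsp() {
    case "$1" in
        *"Responder Error: unauthorized"*) echo unauthorized ;;
        *"Response Verify Failure"*)       echo error ;;
        *": good"*)                        echo good ;;
        *": revoked"*)                     echo revoked ;;
        *)                                 echo error ;;
    esac
}

# Try up to TRIES times, doubling DELAY between attempts. The live staple is
# replaced (atomic rename) only by a response classified as good.
refresh_staple() {  # refresh_staple CERT ISSUER_CHAIN STAPLE [TRIES] [DELAY]
    local cert issuer staple tries delay tmp out status i
    cert=$1 issuer=$2 staple=$3 tries=${4:-5} delay=${5:-60}
    tmp=$(mktemp "$staple.XXXXXX") || return 2
    i=1
    while [ "$i" -le "$tries" ]; do
        out=$(fetch_ocsp "$cert" "$issuer" "$tmp") || true
        status=$(classify_ocsp "$out")
        case "$status" in
            good)    mv -f "$tmp" "$staple"; return 0 ;;
            revoked) rm -f "$tmp"; echo "certificate is revoked" >&2; return 3 ;;
        esac
        echo "attempt $i/$tries: $status" >&2
        if [ "$i" -lt "$tries" ]; then sleep "$delay"; delay=$((delay * 2)); fi
        i=$((i + 1))
    done
    rm -f "$tmp"
    return 1  # previous staple left in place
}
```

`mktemp` creates the temporary file with mode 0600, so run the job as the user that reads the staple or adjust permissions before the rename. A non-zero exit from `refresh_staple` is the signal to alert on rather than a reason to serve whatever was fetched.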