Problem with

Starting from this morning I am getting OSCP stampling errors for multi sites located in different countries (only on FireFox)
SSL Labs reports:
Revocation status Validation error
OCSP ERROR: Exception: Read timed out []

Error in Apache:
[Fri May 19 09:19:35.456041 2017] [ssl:error] [pid 21754:tid 140012460939008] AH01941: stapling_renew_response: responder error
[Fri May 19 09:23:48.309237 2017] [ssl:error] [pid 22011:tid 139882496182016] (70007)The timeout specified has expired: [client] AH01977: failed reading line from OCSP server
[Fri May 19 09:23:48.309280 2017] [ssl:error] [pid 22011:tid 139882496182016] [client] AH01980: bad response from OCSP server: (none)

See Validation error

I am getting the same on all 4 OCSP severs, even though they show as online in the status panel.

OpenSSL yields:

OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
Serial Number: 04D5DEFDA3D6FBE17FD5289272583AD4252B
Request Extensions:
OCSP Nonce:
Error querying OCSP responsder
140182528665504:error:27076072:OCSP routines:PARSE_HTTP_LINE1:server response error:ocsp_ht.c:250:Code=504,Reason=Gateway Time-out

We see the same issue. Started around 08:00 GMT and still ongoing.

Yes same issue.

There are any news about ?

Status of OCSPs servers at should be changed to partial disruption

The status show operational, but i still get error.

I use stunnel :frowning:

Any clue?

Thanks in advance

This error is a result of an ongoing service disruption. Please follow for more information. We should have all of the remaining issues resolved shortly.

In the meantime I’m going to lock this thread since there isn’t a need for further discussion on this particular error. Please open a new thread if you need to resume discussion.

Thanks for your patience, we apologize for the disruption and I expect more detailed root cause information will be shared in the near future.

Edit: The root cause of the issue above has long been resolved. Please open a new thread if you are experiencing OCSP trouble.