Problem with ocsp.int-x3.letsencrypt.org?

horizn · May 19, 2017, 9:29am

Hi,
Starting from this morning I am getting OSCP stampling errors for multi sites located in different countries (only on FireFox)
SSL Labs reports:
Revocation status Validation error
OCSP ERROR: Exception: Read timed out [http://ocsp.int-x3.letsencrypt.org/]

Error in Apache:
[Fri May 19 09:19:35.456041 2017] [ssl:error] [pid 21754:tid 140012460939008] AH01941: stapling_renew_response: responder error
[Fri May 19 09:23:48.309237 2017] [ssl:error] [pid 22011:tid 139882496182016] (70007)The timeout specified has expired: [client 1.2.3.4:57240] AH01977: failed reading line from OCSP server
[Fri May 19 09:23:48.309280 2017] [ssl:error] [pid 22011:tid 139882496182016] [client 1.2.3.4:57240] AH01980: bad response from OCSP server: (none)

nolimitdev · May 19, 2017, 9:33am

See Validation error

braamvh · May 19, 2017, 9:44am

I am getting the same on all 4 OCSP severs, even though they show as online in the status panel.

OpenSSL yields:

OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
Serial Number: 04D5DEFDA3D6FBE17FD5289272583AD4252B
Request Extensions:
OCSP Nonce:
04103A564024315BD08B4AD2230CC5F3CFB8
Error querying OCSP responsder
140182528665504:error:27076072:OCSP routines:PARSE_HTTP_LINE1:server response error:ocsp_ht.c:250:Code=504,Reason=Gateway Time-out

Kaempf · May 19, 2017, 9:47am

We see the same issue. Started around 08:00 GMT and still ongoing.

Netsons · May 19, 2017, 9:57am

Yes same issue.

There are any news about ?

nolimitdev · May 19, 2017, 10:03am

Status of OCSPs servers at http://letsencrypt.status.io/ should be changed to partial disruption

Hidroxid · May 19, 2017, 2:11pm

The status show operational, but i still get error.

I use stunnel

Any clue?

Thanks in advance

cpu · May 19, 2017, 2:15pm

This error is a result of an ongoing service disruption. Please follow status.letsencrypt.org for more information. We should have all of the remaining issues resolved shortly.

In the meantime I’m going to lock this thread since there isn’t a need for further discussion on this particular error. Please open a new thread if you need to resume discussion.

Thanks for your patience, we apologize for the disruption and I expect more detailed root cause information will be shared in the near future.

Edit: The root cause of the issue above has long been resolved. Please open a new thread if you are experiencing OCSP trouble.

Topic		Replies	Views
Validation error Help	10	4158	May 19, 2017
OCSP ERROR: Exception: connect timed out [http://ocsp.int-x3.letsencrypt.org/] Help	3	6020	October 16, 2016
OCSP_check_validity() failed Help	3	4260	January 11, 2017
OCSP ERROR: Request failed with OCSP status: 6 [http://ocsp.int-x3.letsencrypt.org/] Help	7	8804	January 19, 2017
SSL Labs Shows Errors on OCSP Checking Site Feedback	12	5578	June 22, 2021

Problem with ocsp.int-x3.letsencrypt.org?

Related topics