R3 OCSP Unauthorized: by Digitorus

Using the Digitorus OCSP online checker, it is reporting that the Let's Encrypt R3 OCSP responder is returning “unauthorized”.

This seems to be either a case of an older OCSP verification (decoding error) by the Digitorus OCSP Validator, or is this a new problem?

Otherwise, this site is passing the VeriSign and DigiCert TLS tools.

Please advise.

My domain is: Egbert.net

I ran this command:

Using latest stable Firefox on iOS, visited URL egbert.net revocation status

It produced this output:

R3 OCSP Response: Unauthorized

My web server is (include version):

Not applicable.

The operating system my web server runs on is (include version):

Debian 11

My hosting provider, if applicable, is:

VPS provider

I can login to a root shell on my machine (yes or no, or I don't know):

Not applicable

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Using certbot 1.12.02

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Post Analysis:

Seems like the HTTP-based Let's Encrypt R3 (intermediate CA) OCSP responder only allows two HTTP methods (GET and POST) but not the unknown HTTP method.

The response to this unknown HTTP method was in the form of a DER format.

I only see three green checkmarks, which suggests the results are expected, right? So what seems to be the problem?

3 Likes

The RFC for OCSP requires requests to be submitted as GET or POST, with different procedures for both. See:

The "unknown" method on that site likely means the request is sent with either a missing or malformed/illegal method – many systems and libraries call unsupported methods "unknown".

Returning a failed response in this context – not sending a request in the form of a GET or POST as required by the RFC – is both appropriate and expected.

3 Likes
