Responder Error: unauthorized (6)

I use two Let's Encrypt certs to run some services - let's call these certs A and B.

A and B were both provisioned from Let's Encrypt's staging servers. A has a CN of *.r704.doh.names.test.dns.aka-mcqa.com while B has a CN of *.r707.doh.names.test.dns.aka-mcqa.com. Per the -ocsp_uri option of openssl x509, both certs use http://stg-r3.o.lencr.org as their OCSP responder URI. Both certs are within their valid dates.

I use this command to retrieve the stapling data:
openssl ocsp -issuer chain_cert -verify_other chain_cert -cert certificate -url http://stg-r3.o.lencr.org -respout stapling -header 'Host=stg-r3.o.lencr.org'
where certificate holds the 3 certs in the chain (my cert, the staging R3 cert, and the staging X1 cert) and chain_cert holds just the staging R3 and staging X1 certs.

Retrieval of the stapling data for B is successful. However, trying to retrieve the stapling data for A results in the following error:
Responder Error: unauthorized (6)

What can cause this error?

1 Like

Could you perhaps share both certificates?

My guess is that this would be due to them deleting certificates from staging on Nov. 15.

You should be able to issue new certificates for the failing ones and have them work. If you're going to be utilizing staging extensively, you probably want to subscribe to the API Announcements category to get these sorts of notifications. They don't erase staging very often, but when they do it tends to confuse some people using it a lot like it did you.

You may also want to read through the explanation of how they expect staging to be used, and their promises (or lack thereof) for the data there:

5 Likes

Thanks - I believe this is the cause of the issue I am seeing, as the working cert I mentioned above is from Dec 15, while the non-working cert is from Nov 1.

5 Likes
