Hi there,
I currently have Let’s Encrypt installed on my Ubuntu 16.04 server. I had to reinstall the ssl certificate and edit the conf file in sites-available as the domain changed. The domain is working both with http and https, however, this was generated in the report for www and non-www:
Revocation status:
Validation error
OCSP ERROR: Exception: Connection refused [http://ocsp.int-x3.letsencrypt.org]
DNS CAA
No
Is there anything I should be worried about?
Hi @josefarrugia,
I can't see any outage/issue regarding ocsp in https://letsencrypt.status.io/ and I tested it a few minutes ago and I can check the ocsp response for one of my certs.
Can you connect to http://ocsp.int-x3.letsencrypt.org from that Ubuntu server?.
curl -ikL http://ocsp.int-x3.letsencrypt.org
You should see something like this:
$ curl -ikL http://ocsp.int-x3.letsencrypt.org
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Cache-Control: max-age=9369
Expires: Wed, 11 Oct 2017 12:45:44 GMT
Date: Wed, 11 Oct 2017 10:09:35 GMT
Connection: keep-alive
Also, you can check the ocsp response for one of your certs. For example, let's say your domain is domain.tld, so to check it you can do this:
cd /etc/letsencrypt/live/domain.tld/
openssl ocsp -no_nonce -issuer chain.pem -cert cert.pem -VAfile chain.pem -text -url http://ocsp.int-x3.letsencrypt.org/ -header Host ocsp.int-x3.letsencrypt.org
If you are using stapling on your web server and it can't connect to the url to check the certs, yes, you could have a problem.
Cheers,
sahsanu
What is the tool that produced that report?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.