In the aftermath of today’s OCSP issues, I’m still experiencing intermittent problems as of 04:00 UTC August 24th. I’m not able to reproduce this on demand; some sites will load fine once or twice, then a few minutes later they won’t load, with Firefox 61.0.1 giving me the following error:
Secure Connection Failed
An error occurred during a connection to certbot.eff.org. The OCSP server has refused this request as unauthorized. Error code: SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
I’m seeing this on a variety of sites, e.g. wreg.com, the certbot client site at certbot.eff.org, and several of my own domains. The certificates all seem good, but it looks like the OCSP server is still generating occasional false “unauthorized” responses. If I set Firefox’s preference
false, I can bypass the errors, but I prefer to keep this setting turned on.
Looking at my DNS logs, my browser is making its OCSP requests to ocsp.int-x3.letsencrypt.org, which CNAMEs to a771.dscq.akamai.net, which from my location has two A records, 18.104.22.168 and 22.214.171.124. Are there any known ongoing issues with these servers?