[6.11] nginx certificate errors

[wgstarks]

I’m seeing these errors repeating about every 90 minutes in my system log.

 

Sep 26 21:16:54 Brunnhilde nginx: 2022/09/26 21:16:54 [error] 10773#10773: recv() failed (111: Connection refused) while requesting certificate status, responder: r3.o.lencr.org, peer: 23.219.154.139:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem"
Sep 26 21:16:54 Brunnhilde nginx: 2022/09/26 21:16:54 [error] 10773#10773: OCSP responder prematurely closed connection while requesting certificate status, responder: r3.o.lencr.org, peer: 23.219.154.139:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem"

Is this something to be concerned about?

 

brunnhilde-diagnostics-20220926-2312.zip

[ljm42]

It looks like you have a firewall blocking outgoing connections to this address:

  responder: r3.o.lencr.org, peer: 23.219.154.139:80

This is preventing your server from setting up OCSP stapling on the Lets Encrypt certificate.  It isn't critical, but having it does speed up browser connections to the server.  You can read about OCSP stapling here:

  https://knowledge.digicert.com/quovadis/ssl-certificates/ssl-general-topics/what-is-ocsp-stapling.html

[wgstarks]

I use pfsense for my firewall but not using any filtering. Looks like the most recent occurrence of the error was at 0500 this morning. Perhaps that means it was a server problem and it’s now connecting. Is there anyway to check that?

[wgstarks]

I can ping that IP.

[ljm42]

2 hours ago, wgstarks said:

Looks like the most recent occurrence of the error was at 0500 this morning. Perhaps that means it was a server problem and it’s now connecting. Is there anyway to check that?

 

I don't see any messages on my server either so I'd say it "succeeds silently". If there aren't any messages you are probably fine.