ocsp fetch delay required after new cert was issued #496

Open
opened 2025-12-29 01:26:14 +01:00 by adam · 2 comments

Originally created by @bjacke on GitHub (Oct 8, 2020).

If you issue a new cert, then the ocsp information for that certificate is sometimes not yet available at the ocsp servers. In such situations a must-staple certificate will be unusable. A small delay between the certificate issuing and the ocsp fetching would help already, but it looks like this is not possible to do just by changing the configuration or hook script. A "oscp-fetch-delay-after-cert-issuing" variable is needed, I think. A fixed delay of something like 5s might also be okay, but I can imagine that some CAs might need an even longer sleep here.


@lukas2511 commented on GitHub (Dec 10, 2020):

Workaround for now: Add a delay to your `deploy_cert` hook.

I'll try to work on a better solution than a simple sleep (which may extremely slow down operation for some users) for the next release.


@zhangyoufu commented on GitHub (Jun 9, 2021):

FYI, some message related to OCSP delay, from ZeroSSL customer support (2021-01)

> Our internal team is confirming that we’re working on improving the speed of the availability for OCSP responses for new certificates - currently OCSP responses are available on average about 1 minute after a certificate was issued. We’re working on improving this time frame drastically.
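
The `deploy_cert` workaround discussed in this thread, written as a bounded poll instead of a fixed sleep. This is an added example, not code from dehydrated or from any commenter; `OCSP_WAIT_TRIES`, `OCSP_WAIT_STEP`, `OCSP_CHECK` and the function names are hypothetical, and the defaults (24 tries, 5s apart) are assumed values.

```shell
#!/usr/bin/env bash
# Added example hook fragment: wait until the CA's OCSP responder reports
# "good" for the new certificate before deployment continues.
# OCSP_WAIT_TRIES, OCSP_WAIT_STEP and OCSP_CHECK are hypothetical knobs.

# Query the responder named in the certificate; succeed only on status "good".
# This is a readiness probe only, not a substitute for validating the staple.
ocsp_is_good() {
  local cert chain uri
  cert="$1"; chain="$2"
  uri="$(openssl x509 -in "$cert" -noout -ocsp_uri)" || return 1
  [ -n "$uri" ] || return 1   # certificate carries no OCSP URL
  openssl ocsp -no_nonce -issuer "$chain" -cert "$cert" -url "$uri" 2>/dev/null \
    | grep -qF ": good"
}

# Retry the check up to OCSP_WAIT_TRIES times, OCSP_WAIT_STEP seconds apart.
# Returns 0 as soon as the check passes, 1 if every attempt failed.
wait_for_ocsp() {
  local cert chain tries step check n
  cert="$1"; chain="$2"
  tries="${OCSP_WAIT_TRIES:-24}"; step="${OCSP_WAIT_STEP:-5}"
  check="${OCSP_CHECK:-ocsp_is_good}"
  n=1
  until "$check" "$cert" "$chain"; do
    if [ "$n" -ge "$tries" ]; then
      echo "no good OCSP response for $cert after $n attempts" >&2
      return 1
    fi
    n=$((n + 1))
    sleep "$step"
  done
}

deploy_cert() {
  # Arguments: DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
  # On timeout, stop here so the steps below never install a certificate
  # whose OCSP status could not be confirmed.
  wait_for_ocsp "$3" "$5" || return 1
  # ... existing deployment steps (copy files, reload the server) ...
}

# Dispatch only the handler this fragment implements.
case "${1:-}" in
  deploy_cert) shift; deploy_cert "$@" ;;
esac
```

A certificate without an OCSP URL fails every attempt here, so the wait should be applied only to certificates that are expected to be stapled.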

Reference: starred/dehydrated#496