Let's Encrypt / OCSP #641

Open
opened 2025-12-29 01:28:07 +01:00 by adam · 4 comments

Originally created by @sebastianhelbig on GitHub (May 13, 2025).

https://letsencrypt.org/2024/12/05/ending-ocsp/

```
 + Updating OCSP stapling file
ERROR: Error while fetching OCSP information: Error querying OCSP responder
286BDB054F7F0000:error:8000006F:system library:BIO_connect:Connection refused:crypto/bio/bio_sock2.c:178:calling connect()
286BDB054F7F0000:error:10000067:BIO routines:BIO_connect:connect error:crypto/bio/bio_sock2.c:180:
286BDB054F7F0000:error:8000006F:system library:conn_state:Connection refused:crypto/bio/bss_conn.c:215:calling connect(<NULL>, 80)
286BDB054F7F0000:error:10000067:BIO routines:conn_state:connect error:crypto/bio/bss_conn.c:268:
```

We previously configured nginx to use the created OCSP stapling file. It seems that, to move on, we have to disable the OCSP options in dehydrated and nginx. This feels like a downgrade.


@lukas2511 commented on GitHub (May 13, 2025):

Not entirely sure why you have opened this ticket here, especially while linking directly to the letsencrypt announcement. Dehydrated can't magically invent OCSP signatures. If you really need that feature you'd probably want to use a different CA.


@sebastianhelbig commented on GitHub (May 13, 2025):

Obviously to let other users know that the ocsp config options in dehydrated have to be set to "no" when they get the same error.


@sebastianhelbig commented on GitHub (May 13, 2025):

Also the script currently completely halts on encountering this error and does not continue to create certificates for other domains, although `--keep-going` is set. So this is either a bug in the script or in the documentation.


@lukas2511 commented on GitHub (May 18, 2025):

> Also the script currently completely halts on encountering this error and does not continue to create certificates for other domains, although `--keep-going` is set. So this is either a bug in the script or in the documentation.

Yea this seems to be an actual bug. Re-opening this as an issue that needs to be addressed.
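
As an added example (not part of this thread and not dehydrated's own code): a pre-flight check that reports which certificates carry an OCSP responder URL, so stapling is only left enabled where a response can actually be fetched, and one bad file never stops the loop over the others. It assumes the `openssl` CLI is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not dehydrated's code: decide per certificate whether
# OCSP stapling can work, by looking for an OCSP responder URL in the
# certificate's Authority Information Access extension.

# Print the OCSP responder URL(s) of a PEM certificate, one per line.
# Prints nothing when the certificate carries none.
ocsp_uri_of() {
    openssl x509 -noout -ocsp_uri -in "$1" 2>/dev/null
}

# Exit status 0: responder URL present, stapling can be attempted.
# Exit status 1: no responder URL, stapling has to be switched off.
# Exit status 2: file missing or not a parseable certificate.
stapling_possible() {
    [ -r "$1" ] || return 2
    openssl x509 -noout -in "$1" 2>/dev/null || return 2
    [ -n "$(ocsp_uri_of "$1")" ]
}

# Report on every certificate path given and return the number of
# certificates that cannot be stapled or cannot be read.
report_stapling() {
    bad=0
    for cert in "$@"; do
        # Testing inside `if` keeps a non-zero status from tripping `set -e`.
        if stapling_possible "$cert"; then rc=0; else rc=$?; fi
        case $rc in
            0) echo "OK   $cert: $(ocsp_uri_of "$cert")" ;;
            1) echo "OFF  $cert: no OCSP URL, disable stapling for it"
               bad=$((bad + 1)) ;;
            *) echo "ERR  $cert: unreadable or not a certificate"
               bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Paths are supplied by the caller, e.g. the certificate file of each domain.
if [ "$#" -gt 0 ]; then
    report_stapling "$@"
fi
```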

Reference: starred/dehydrated#641