In the nginx main error logs (/var/log/nginx/error.log
) many of these errors are logged:
2020/04/16 07:04:09 [error] 49967#49967: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 2.21.242.245:80, certificate: "/etc/nginx/ssl/letsencrypt/<example.com>-1127434-bundled.cert"
2020/04/16 07:35:05 [error] 49967#49967: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 2.21.242.204:80, certificate: "/etc/nginx/ssl/letsencrypt/<example.com>-1127434-bundled.cert"
2020/04/16 07:47:01 [error] 49967#49967: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 2.21.242.245:80, certificate: "/etc/nginx/ssl/letsencrypt/<example.com>-1127434-bundled.cert"
2020/04/16 09:31:03 [error] 49967#49967: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 172.232.7.163:80, certificate: "/etc/nginx/ssl/letsencrypt/<example.com>-1127434-bundled.cert"
2020/04/16 09:31:04 [error] 49967#49967: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 172.232.7.163:80, certificate: "/etc/nginx/ssl/letsencrypt/<example.com>-1127434-bundled.cert"
2020/04/16 10:20:32 [error] 49967#49967: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 184.26.44.105:80, certificate: "/etc/nginx/ssl/letsencrypt/<example.com>-1127434-bundled.cert"
2020/04/16 13:00:03 [error] 49968#49968: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, peer: 172.232.7.170:80, certificate: "/etc/nginx/ssl/letsencrypt/<example.com>-1127434-bundled.cert"
Are these genuine Let’s Encrypt servers that want to verify the certificate status somehow?
Should nginx in Trellis be configured to accept these requests?