Also posted on: [https://unix.stackexchange.com/questions/709950/nginx-warn-ssl-stapling-ignored-host-not-found-in-ocsp-responder-r3-o-len](https://unix.stackexchange.com/questions/709950/nginx-warn-ssl-stapling-ignored-host-not-found-in-ocsp-responder-r3-o-len)
I updated my router firmware and it ended up killing my webserver, so I reverted back to the old firmware in hopes that it would un\*\*\*\* itself. It didn't.
So now I'm battling an issue where I'm probably at my wits end, I cannot make it work. All my applications running in the background are working fine and internet/LAN is working aswell.
Whenever I try to start up the nginx web server it returns with this OCSP responder message and I have tried changing things but to no avail. And why would I have to change anything to make it work when I didn't change anything to mess it up?
I've tried turning on the nginx debug mode and it shows me this:
2022/07/15 11:53:50 [debug] 2294#2294: *308 write new buf t:1 f:0 000055F521DAC0C0, pos 000055F521DAC0C0, size: 268 file: 0, size: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 http write filter: l:0 f:0 s:268
2022/07/15 11:53:50 [debug] 2294#2294: *308 http output filter "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae"
2022/07/15 11:53:50 [debug] 2294#2294: *308 http copy filter: "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae"
2022/07/15 11:53:50 [debug] 2294#2294: *308 image filter
2022/07/15 11:53:50 [debug] 2294#2294: *308 xslt filter body
2022/07/15 11:53:50 [debug] 2294#2294: *308 http postpone filter "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae" 000055F521D4F2B0
2022/07/15 11:53:50 [debug] 2294#2294: *308 write old buf t:1 f:0 000055F521DAC0C0, pos 000055F521DAC0C0, size: 268 file: 0, size: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 write new buf t:0 f:0 0000000000000000, pos 000055F520815B20, size: 116 file: 0, size: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 write new buf t:0 f:0 0000000000000000, pos 000055F520815E20, size: 62 file: 0, size: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 http write filter: l:1 f:0 s:446
2022/07/15 11:53:50 [debug] 2294#2294: *308 http write filter limit 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 writev: 446 of 446
2022/07/15 11:53:50 [debug] 2294#2294: *308 http write filter 0000000000000000
2022/07/15 11:53:50 [debug] 2294#2294: *308 http copy filter: 0 "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae"
2022/07/15 11:53:50 [debug] 2294#2294: *308 http finalize request: 0, "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae" a:1, c:1
2022/07/15 11:53:50 [debug] 2294#2294: *308 set http keepalive handler
2022/07/15 11:53:50 [debug] 2294#2294: *308 http close request
2022/07/15 11:53:50 [debug] 2294#2294: *308 http log handler
2022/07/15 11:53:50 [debug] 2294#2294: *308 free: 000055F521D4E2C0, unused: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 free: 000055F521DABCE0, unused: 2283
2022/07/15 11:53:50 [debug] 2294#2294: *308 free: 000055F521D036F0
2022/07/15 11:53:50 [debug] 2294#2294: *308 hc free: 0000000000000000
2022/07/15 11:53:50 [debug] 2294#2294: *308 hc busy: 0000000000000000 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 tcp_nodelay
2022/07/15 11:53:50 [debug] 2294#2294: *308 reusable connection: 1
2022/07/15 11:53:50 [debug] 2294#2294: *308 event timer add: 25: 75000:2596208
2022/07/15 11:55:05 [debug] 2294#2294: *308 event timer del: 25: 2596208
2022/07/15 11:55:05 [debug] 2294#2294: *308 http keepalive handler
2022/07/15 11:55:05 [debug] 2294#2294: *308 close http connection: 25
2022/07/15 11:55:05 [debug] 2294#2294: *308 reusable connection: 0
2022/07/15 11:55:05 [debug] 2294#2294: *308 free: 0000000000000000
2022/07/15 11:55:05 [debug] 2294#2294: *308 free: 000055F521DE3340, unused: 136
And this is what the normal error.log throws me through systemctl:
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate
I think it's a DNS issue but I can't figure out what by myself, according to a forum post the error message suggests there is a problem with resolution of the [r3.o.lencr.org](https://r3.o.lencr.org) name, as preformed by nginx on startup using system resolver.
My reverse config:
server {
listen 80 default_server;
#listen [::]:80 default_server;
server_name dns.name.here 192.168.0.100;
return 301 https://$server_name$request_uri;
}
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
server {
#-------------------- SSL CONFIG -----------------------------------
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include /etc/nginx/snippets/strong-ssl.conf;
ssl_certificate /etc/letsencrypt/live/dnsname/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dnsname/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/dnsname/chain.pem;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd;
error_page 401 403 404 /404.html; error_log /var/log/nginx/nnferror.log;
# First attempt to serve request as file, then as directory, then fall back to displaying a 404.
location / {
try_files $uri $uri/ =404;
}
# Deny access to .htaccess files, if Apache's document root concurs with nginx's one
location ~ /\.ht {
deny all;
}
# Let's Encrypt Webroot plugin location -- allow access
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
autoindex on;
}
My ssl.conf:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
# Set Google's public DNS servers as upstream resolver
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
# Modify X-Frame-Option from DENY to SAMEORIGIN, required for Deluge Web UI, ownCloud, etc.
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
# Use the 2048 bit DH key
ssl_dhparam /etc/ssl/certs/dhparam.pem;
Also tried checking if I could actually communicate with [8.8.8.8](https://8.8.8.8)
dig u/8.8.8.8 r3.o.lencr.org
; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> u/8.8.8.8 r3.o.lencr.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58758
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;r3.o.lencr.org. IN A
;; ANSWER SECTION:
r3.o.lencr.org. 120 IN CNAME o.lencr.edgesuite.net.
o.lencr.edgesuite.net. 19792 IN CNAME a1887.dscq.akamai.net.
a1887.dscq.akamai.net. 20 IN A 83.255.218.9
a1887.dscq.akamai.net. 20 IN A 83.255.218.98
;; Query time: 63 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jul 15 12:53:27 CEST 2022
;; MSG SIZE rcvd: 142
I've also tried reinstalling nginx but no success..
nginx version: nginx/1.18.0 (Ubuntu)
Ubuntu 18.04
Router: Asus AC88U with Merlin v386,5 (v387 caused the issue)
Can anyone tell me what happened here?