Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

FF blocks one of my sites for faulty OCSP response but not other nearly identical site

  • 4 답장
  • 1 이 문제를 만남
  • 144 보기
  • 최종 답변자: deOldphart

more options

I have two very similar websites built with Concrete5 CMS and with with Let's Encrypt SSL installed. WIthin the last week or so, one site began throwing the following error, "The OCSP response does not include a status for the certificate being verified." and not loading. The SSL certificate checks out fine (Grade A with Qualys SSL test as recommended by FF support page), and it does not happen with Safari or Chrome. It happens with FF 58 and 59 on several machines. It does not happen at all with my other web site. My hosting service says these sites are hosted on the same hardware and share the same Let's Encrypt installation. They think it is a FF issue.

I am stumped. Any help would be appreciated. Thanks.

Problem site: https://traditionalbamptonmorris.org.uk Okay similar site: http://charlburymorris.org.uk

I have two very similar websites built with Concrete5 CMS and with with Let's Encrypt SSL installed. WIthin the last week or so, one site began throwing the following error, "The OCSP response does not include a status for the certificate being verified." and not loading. The SSL certificate checks out fine (Grade A with Qualys SSL test as recommended by FF support page), and it does not happen with Safari or Chrome. It happens with FF 58 and 59 on several machines. It does not happen at all with my other web site. My hosting service says these sites are hosted on the same hardware and share the same Let's Encrypt installation. They think it is a FF issue. I am stumped. Any help would be appreciated. Thanks. Problem site: https://traditionalbamptonmorris.org.uk Okay similar site: http://charlburymorris.org.uk

선택된 해결법

OCSP response:

So you need to check the server of the first URL.

문맥에 따라 이 답변을 읽어주세요 👍 2

모든 댓글 (4)

more options

선택된 해결법

OCSP response:

So you need to check the server of the first URL.

more options

If you haven't heard of OCSP Stapling before, it's when your server sends not only its certificate, and any intermediate certificates necessary to complete a chain of trust to a built-in certificate, but also an OCSP response showing the certificate has not been revoked. Then Firefox won't need to separately contact the certificate issuer's OCSP service.

more options
more options

Thanks, cor-el. I passed that on to my ISP who quickly responded that they have put a temporary fix in place while they "investigate with LiteSpeed why servers running their web server are having an intermittent issue with OCSP stapling."

That SSL test site is very useful, but obviously it helps to know what to look for. Thanks again.

글쓴이 deOldphart 수정일시