No OCSP stapling for LE certificates

I’m seeing this in my logs for some of the certificates I have requested from LetsEncrypt

2017/03/10 11:51:51 [WARNING] Stapling OCSP: no OCSP stapling for [www.fish4leads.com]: ocsp: error from server: unauthorized

Oddly, I did successfully get staples for a bunch of other certificates requested at about the same time:

app.fish4leads.com-add177a7  
local-app.fish4leads.com-bb2b86ea  
testssl.redacted.com-9b03b06c  
testssl.redacted.co.uk-a8bd8861

This is probably because LE issues certificates before their OCSP response is ready. :frowning2:

It’s only a matter of a few seconds (usually, although that can’t be guaranteed) and I think I heard they want to fix that soon, so it might start going away. There’s a TODO in the Caddy code to handle this situation, but frankly I think this is a bug in the CAs, and handling it properly makes things complicated, and adds seconds before your site can be served.

Anyway, the next time OCSP staples are fetched (a few hours), it should be good to go, unless their CDN cached the error response…

Aah, that makes sense. I did find your chat with LE about it after I posted the question. I’ll just ignore them for now.

I’m in the process of working out which of the process log messages I need to monitor for as warnings of Things Going Bad.

Basically any ACME errors… those are cert obtain and renewal errors. Or errors when reloading.
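A log check for the two message classes discussed in this thread, added here as an example (not Caddy's own code and not from either poster): it parses the older Caddy log format shown above, groups "no OCSP stapling" warnings by hostname, and only escalates a host whose failures keep recurring past an assumed 6-hour threshold, i.e. after the next staple fetch the reply mentions should have happened. The "ACME" substring as the marker for obtain/renew errors, the threshold, and the example.test hosts are assumptions.

```python
import re
from datetime import datetime, timedelta

# Caddy log line shape seen in the thread:
# 2017/03/10 11:51:51 [WARNING] Stapling OCSP: no OCSP stapling for [host]: ocsp: error from server: unauthorized
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>[A-Z]+)\] (?P<msg>.*)$")
OCSP_RE = re.compile(r"no OCSP stapling for \[(?P<host>[^\]]+)\]: (?P<err>.*)$")

def parse_line(line):
    """Split one Caddy log line into (datetime, level, message); None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"), m.group("level"), m.group("msg")

def classify(lines, persist_after=timedelta(hours=6)):
    """Group OCSP stapling failures per host and collect ACME errors.

    A host whose stapling failures span at least `persist_after` (assumed threshold,
    chosen to outlast Caddy's next staple fetch) is treated as a real problem rather
    than the transient just-issued case the thread describes.
    """
    ocsp, acme = {}, []
    for ts, level, msg in sorted(p for p in map(parse_line, lines) if p):  # chronological order
        o = OCSP_RE.search(msg)
        if o:
            info = ocsp.setdefault(o.group("host"), {"first": ts, "last": ts, "count": 0, "err": ""})
            info["last"], info["count"], info["err"] = ts, info["count"] + 1, o.group("err")
        elif level == "ERROR" and "acme" in msg.lower():  # assumed marker for obtain/renew errors
            acme.append((ts, msg))
    alerts = [f"OCSP stapling for {h} still failing after {i['last'] - i['first']}: {i['err']}"
              for h, i in ocsp.items() if i["last"] - i["first"] >= persist_after]
    alerts += [f"ACME error at {ts:%Y-%m-%d %H:%M:%S}: {msg}" for ts, msg in acme]
    return {"ocsp": ocsp, "acme": acme, "alerts": alerts}

# Constructed sample: the thread's own line plus invented follow-ups (example.test hosts are placeholders).
SAMPLE_LINES = [
    "2017/03/10 11:51:51 [WARNING] Stapling OCSP: no OCSP stapling for [www.fish4leads.com]: ocsp: error from server: unauthorized",
    "2017/03/10 11:52:00 [WARNING] Stapling OCSP: no OCSP stapling for [app.example.test]: ocsp: error from server: unauthorized",
    "2017/03/10 11:52:01 [INFO] Serving https://app.example.test",
    "2017/03/10 12:00:00 [ERROR] ACME: failed to obtain certificate for [old.example.test] (constructed error text)",
    "2017/03/10 19:52:00 [WARNING] Stapling OCSP: no OCSP stapling for [app.example.test]: ocsp: error from server: unauthorized",
]

if __name__ == "__main__":
    for alert in classify(SAMPLE_LINES)["alerts"]:
        print(alert)
```

On the sample, www.fish4leads.com is reported once and stays below the threshold (transient), while app.example.test recurs eight hours later and is escalated alongside the ACME error.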
