Could this possibly be the same as the problem I'm encountering with OCSP response for the SERPRO test site (OCSP response not found) when I run this command?
curl --verbose --url http://ocsp.serpro.gov.br/acserprosslv1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTBQ28pKtiXfAbGW%2BhUsNmqSdcYRQQUrRZPS%2FEMvsKKooUY1w1GJZMi480CDQDzmwGvO97JMnso57k%3D (Using instructions from https://unmitigatedrisk.com/?p=42) See also https://certificate.revocationcheck.com/active-repositorio.serpro.gov.br Thanks, Ben On Thu, Oct 7, 2021 at 6:42 PM 'Jacob Hoffman-Andrews' via [email protected] <[email protected]> wrote: > Good advice, thanks for sharing! People interested in this may also be > interested in reading Let's Encrypt's 2017 postmortem related to the same > issue: > https://community.letsencrypt.org/t/may-19-2017-ocsp-and-issuance-outage-postmortem/34922. > Another interesting thing: concatenation happens without regard to whether > the OCSP URL in a certificate has a trailing slash. If you issue > certificates where the OCSP URL ends in a trailing slash (rare, I think), > you'll find that all of your OCSP GET requests start with a doubled slash > (//). Also, it's worth being cautious about deploying changes that will > cause large numbers of cache entries to be invalidated. > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAN3x4QmJ4_ZEOOq%3DPgLv45NLD1afcqWeKd0M8PR%2B%3D%3DdShh%2BbZA%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAN3x4QmJ4_ZEOOq%3DPgLv45NLD1afcqWeKd0M8PR%2B%3D%3DdShh%2BbZA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZUXv3O4P6OfRPFUZGAbAJztAveJKFyqq2pOsm%3DyR4FCw%40mail.gmail.com.
