On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote: > On 2023-07-17 15:17, William Lallemand wrote: > > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote: > >> Hi, > >> > >> I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I > >> couldn't > >> connect to any of the sites behind it. > >> > >> While looking at the error it seems like OCSP is not working anymore. > >> Right now I have a setup in which I provision the certificates with > >> the > >> corresponding ocsp file next to it. If this not supported anymore? > > > > This is supposed to still be working, however we could have introduced > > bugs when building the ocsp-update. Are you seeing errors during the > > OCSP file loading? > > I don't see any errors, not even when I start haproxy by hand with '-d'. > It's just like the ocsp isn't used at al. Also started haproxy with > strace attached and I see the ocsp files are loaded. > > Regards, > > Sander >
Did you check with "show ssl ocsp-response" ? http://docs.haproxy.org/2.8/management.html#show%20ssl%20ocsp-response -- William Lallemand