I think you have more issues than OCSP. If that's the same host, you can't
have two different TLS certs on the same IP, and you have them both on
*:443 (both TLS server blocks use "listen on * tls port 443").

Try using a separate IP for each.



On Fri, Jan 27, 2017 at 15:03 Michael W. Lucas <mwlu...@michaelwlucas.com>
wrote:

> On Fri, Jan 27, 2017 at 09:53:25PM +0000, Bob Beck wrote:
>
> >    On Fri, Jan 27, 2017 at 14:12 Michael W. Lucas
>
> >      Or a misconfiguration.  show configs
>
>
>
>
>
> Configs follow.
>
>
>
> # cat /etc/httpd.conf
>
> include "/etc/sites/www3.conf"
>
> include "/etc/sites/www4.conf"
>
>
>
> www3.conf:
>
>
>
> server "www3.mwlucas.org" {
>
>        listen on * port 80
>
>        block return 302 "https://$SERVER_NAME$REQUEST_URI";
>
> }
>
>
>
>
>
> server "www3.mwlucas.org" {
>
>         alias tarpit.mwlucas.org
>
>         listen on * tls port 443
>
>         hsts
>
>         # TLS certificate and key files created with acme-client(1)
>
>         tls certificate "/etc/ssl/acme/www3/www3.fullchain.pem"
>
>         tls key "/etc/ssl/acme/www3/www3.key"
>
>         tls ocsp "/etc/ssl/acme/www3/www3.der"
>
>         tcp nodelay
>
>
>
>            location "/.well-known/acme-challenge/*" {
>
>                    root "/acme"
>
>                    root strip 2
>
>            }
>
> }
>
>
>
>
>
> www4:
>
>
>
> server "www4.mwlucas.org" {
>
>         alias bill.mwlucas.org
>
>         alias auction.mwlucas.org
>
>         listen on * port 80
>
>
>
>            location "/.well-known/acme-challenge/*" {
>
>                    root "/acme"
>
>                    root strip 2
>
>            }
>
>
>
>
>
>         block return 301 "https://$DOCUMENT_URI";
>
> }
>
>
>
> server "www4.mwlucas.org" {
>
>         alias bill.mwlucas.org
>
>         alias auction.mwlucas.org
>
>         root "/www4"
>
>         listen on * tls port 443
>
>         hsts
>
>         # TLS certificate and key files created with acme-client(1)
>
>         tls certificate "/etc/ssl/acme/www4/www4.fullchain.pem"
>
>         tls key "/etc/ssl/acme/www4/www4.key"
>
> #       tls ocsp "/etc/ssl/acme/www4/www4.der"
>
>         tcp nodelay
>
>            location "/.well-known/acme-challenge/*" {
>
>                    root "/acme"
>
>                    root strip 2
>
>            }
>
>
>
> }
>
>
>
>
>
>
>
>
>
> --
>
> Michael W. Lucas    Twitter @mwlauthor
>
> nonfiction: https://www.michaelwlucas.com/
>
> fiction: https://www.michaelwarrenlucas.com/
>
> blog: http://blather.michaelwlucas.com/
>
>
