Bug #3221

closed

OCSP outdated on git.lighttpd.net since Aug 27 14:59:58 UTC 2023

Added by flynn over 1 year ago. Updated over 1 year ago.

Status: Invalid
Priority: Normal
Category: -
Target version: -
ASK QUESTIONS IN Forums: No

Description

I currently have problems updating my local repo from git.lighttpd.net.

fatal: unable to access 'https://git.lighttpd.net/lighttpd/lighttpd1.4.git/': server certificate verification failed. CAfile: none CRLfile: none

The error message is misleading: the certificate chain is ok, but disabling SSL verification in git with env GIT_SSL_NO_VERIFY=true ... solves the issue.

Using the sslabs checker maybe leads to the real cause:

OCSP STAPLING ERROR: OCSP response expired on Sun Aug 27 14:59:58 UTC 2023

I did not find an option in git to only disable OCSP.

BTW: is there a better option to report infrastructure issues than writing a ticket?

Actions #1

Updated by stbuehler over 1 year ago

  • Status changed from New to Invalid

Thanks for the report.

I modified certificate handling some time ago, and forgot to update crontab to use the new ocsp-update script, and the script probably wouldn't have signaled the webserver (bug in the script).
I probably should update our monitoring to check OCSP stapling too.

Reporting infrastructure issues: I'd prefer IRC or
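
Added example, not part of the ticket and not the lighttpd project's monitoring: a check of the kind the reply mentions, which reads the stapled OCSP response from `openssl s_client -status` output and flags a missing, expired or soon-to-expire staple. The function names, the one-day warning window and the sample output are assumptions made for illustration; only the Next Update time is taken from the report.

```python
import re
import subprocess
from datetime import datetime, timedelta, timezone

# Constructed sample of the OCSP part of `openssl s_client -status` output;
# only the Next Update value comes from the report above.
SAMPLE_EXPIRED = """\
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Aug 20 15:00:00 2023 GMT
    Next Update: Aug 27 14:59:58 2023 GMT
"""
SAMPLE_MISSING = "OCSP response: no response sent\n"  # server stapled nothing

def check_staple(text, now, warn=timedelta(days=1)):
    """Classify the stapled OCSP response found in s_client output."""
    if "OCSP Response Status: successful" not in text:
        return "CRITICAL: no usable stapled OCSP response"
    status = re.search(r"Cert Status:\s*(\w+)", text)
    if not status or status.group(1) != "good":
        return "CRITICAL: certificate status is not 'good'"
    m = re.search(r"Next Update:\s*(.+?)\s*$", text, re.M)
    if not m:
        return "CRITICAL: stapled response has no Next Update"
    nxt = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y GMT")
    nxt = nxt.replace(tzinfo=timezone.utc)
    if nxt <= now:
        return f"CRITICAL: staple expired at {nxt:%Y-%m-%d %H:%M:%S} UTC"
    if nxt - now <= warn:
        return f"WARNING: staple expires at {nxt:%Y-%m-%d %H:%M:%S} UTC"
    return "OK"

def fetch(host, port=443):
    """Ask the server for its staple (needs network and the openssl CLI)."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}",
           "-servername", host, "-status"]
    return subprocess.run(cmd, input="", capture_output=True,
                          text=True, timeout=30).stdout

if __name__ == "__main__":
    now = datetime(2023, 8, 28, tzinfo=timezone.utc)  # constructed "current" time
    print(check_staple(SAMPLE_EXPIRED, now))
    print(check_staple(SAMPLE_MISSING, now))
```

For a live check, pass `fetch(host)` and `datetime.now(timezone.utc)` to `check_staple` and alert on anything other than `OK`.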
