Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCSP error in SXG #1921

Closed
shigeki opened this issue Apr 18, 2019 · 4 comments
Closed

OCSP error in SXG #1921

shigeki opened this issue Apr 18, 2019 · 4 comments
Assignees
@sebastianbenz
Labels
Category: Infrastructure P1: High Status: WIP Type: Bug

Comments

@shigeki
Copy link

shigeki commented Apr 18, 2019

Description of the issue found on ampproject.org

Please provide:

amp_dev_ocsp_error

How do we reproduce the issue?

Please provide the steps to reproduce the issue:

  1. Step 1 to reproduce
    Access to AMPConf site of https://amp.dev/events/amp-conf-2019 via google search in mobile browser or simulated devtool and get SXG file.

  2. Step 2 to reproduce
    Devtool shows OCSP error in SXG.

What browser are you using?
Chrome73
What O/S are you using?
Android, MacOS

OCSP in SXG was expired on April 17.

Certificate #0:
  Subject: amp.dev
  Valid from: 2019-04-03 00:00:00 +0000 UTC
  Valid until: 2021-04-07 12:00:00 +0000 UTC
  Issuer: DigiCert ECC Secure Server CA
  Embedded SCT:
    LogID: 7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/cs=
    LogID: h3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8=
    LogID: RJRlLrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gag=
  Has canSignHttpExchangesDraft extension
OCSP response:
  Status: 0 (good)
  ProducedAt: 2019-04-10 15:08:48 +0000 UTC
  ThisUpdate: 2019-04-10 15:08:48 +0000 UTC
  NextUpdate: 2019-04-17 14:23:48 +0000 UTC
Certificate #1:
  Subject: DigiCert ECC Secure Server CA
  Valid from: 2013-03-08 12:00:00 +0000 UTC
  Valid until: 2023-03-08 12:00:00 +0000 UTC
  Issuer: DigiCert Global Root CA`
@sebastianbenz
Copy link
Collaborator

Thanks for reporting. It was a problem with the OCSP cert being cache and not updated on time. We've deployed a fix, but it's going to take a while until the AMP Cache is going to pick it up.

@sebastianbenz
Copy link
Collaborator

Leaving this bug open until we properly identified the reason why the cache has not been updated.

@shigeki
Copy link
Author

shigeki commented Apr 18, 2019

Thanks. I confirmed that the OCSP data was updated and waiting for its cache updates.

Certificate #0:
  Subject: amp.dev
  Valid from: 2019-04-03 00:00:00 +0000 UTC
  Valid until: 2021-04-07 12:00:00 +0000 UTC
  Issuer: DigiCert ECC Secure Server CA
  Embedded SCT:
    LogID: 7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/cs=
    LogID: h3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8=
    LogID: RJRlLrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gag=
  Has canSignHttpExchangesDraft extension
OCSP response:
  Status: 0 (good)
  ProducedAt: 2019-04-17 15:08:55 +0000 UTC
  ThisUpdate: 2019-04-17 15:08:55 +0000 UTC
  NextUpdate: 2019-04-24 14:23:55 +0000 UTC
Certificate #1:
  Subject: DigiCert ECC Secure Server CA
  Valid from: 2013-03-08 12:00:00 +0000 UTC
  Valid until: 2023-03-08 12:00:00 +0000 UTC
  Issuer: DigiCert Global Root CA

sebastianbenz added a commit that referenced this issue Apr 21, 2019
@sebastianbenz
Cache-bust requests proxied to the AMP packager.
6d0d077 
See #1921
@sebastianbenz
Copy link
Collaborator

Fixed by moving packager into an internal VM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sebastianbenz sebastianbenz

Labels
Category: Infrastructure P1: High Status: WIP Type: Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sebastianbenz @shigeki @matthiasrohmer