Certbot uses symlinks to /etc/letsencrypt/archive/domain/ instead of replacing the file in /etc/letsencrypt/live/domain/. OLS doesn't check for changes in the symlink and staples the OCSP response for the older cert along with the new cert; Firefox throws a certificate error and blocks the connection.
Steps to recreate:
1. Use certbot for SSL
2. Visit the site (it works normally)
3. Renew SSL
4. Restart OLS
5. Visit the site again in Firefox (it won't work)
Proposed solution:
As OLS checks for changes to get a new cached OCSP response, it should also check whether the cert/key in the vhost is a symlink and, if it is a link, check for a change in the link and get a new response to staple.
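One way to make a cached OCSP response symlink-aware, as the proposal above asks, shown as an added example (not OpenLiteSpeed's code and not part of the original issue): the cache records the resolved target, device, inode and mtime of the configured certificate path and is treated as stale when any of them changes. The names `cert_id`, `cert_id_read`, `ocsp_cache_is_stale` and `demo_renewal_detected`, and the temporary files standing in for certbot's `archive/` and `live/` layout, are assumptions.

```c
/* Added example with hypothetical names; not OpenLiteSpeed code. */
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity of the file a configured cert path resolves to right now. */
struct cert_id { char target[PATH_MAX]; dev_t dev; ino_t ino; time_t mtime; };

/* Follow symlinks and record what is behind them; 0 on success, -1 on error. */
int cert_id_read(const char *path, struct cert_id *id)
{
    struct stat st;
    memset(id, 0, sizeof *id);
    if (!realpath(path, id->target) || stat(id->target, &st) != 0)
        return -1;
    id->dev = st.st_dev; id->ino = st.st_ino; id->mtime = st.st_mtime;
    return 0;
}

/* 1 if the OCSP response cached under `cached` belongs to another file. */
int ocsp_cache_is_stale(const struct cert_id *cached, const char *path)
{
    struct cert_id now;
    if (cert_id_read(path, &now) != 0)
        return 1; /* cert unreadable: drop the staple rather than reuse it */
    return strcmp(cached->target, now.target) != 0 || cached->dev != now.dev
        || cached->ino != now.ino || cached->mtime != now.mtime;
}

static int touch_file(const char *p) { FILE *f = fopen(p, "w"); return f ? fclose(f) : -1; }
/* Constructed renewal: the live link moves from cert1.pem to cert2.pem. */
int demo_renewal_detected(void)
{
    char dir[] = "/tmp/ocspdemoXXXXXX", a[PATH_MAX], b[PATH_MAX], l[PATH_MAX];
    struct cert_id cached;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/cert1.pem", dir);
    snprintf(b, sizeof b, "%s/cert2.pem", dir);
    snprintf(l, sizeof l, "%s/cert.pem", dir);
    if (touch_file(a) || touch_file(b) || symlink(a, l) || cert_id_read(l, &cached)) return -1;
    int before = ocsp_cache_is_stale(&cached, l); /* link unchanged: 0 */
    if (unlink(l) != 0 || symlink(b, l) != 0) return -1;
    int after = ocsp_cache_is_stale(&cached, l);  /* link repointed: 1 */
    unlink(l); unlink(a); unlink(b); rmdir(dir);
    return before == 0 && after == 1;
}
```

Comparing the resolved target and inode catches a repointed link even when both certificate files were written within the same second, which an mtime-only comparison would miss.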