OCSP Stapling Issues - "ocsp.int-x3.letsencrypt.org could not be resolved"Β #2
Description
Using the latest version of this image, it appears there are issues with OCSP stapling.
Using this proxy, the following error message is shown on Firefox:
Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
The docker logs show this error message shortly after generating the certificates:
[error] 376#376: ocsp.int-x3.letsencrypt.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, certificate: "/etc/nginx/certs/<...>.crt"
This is how I am using the proxy image in a docker-compose configuration:
version: '3.7'
x-logging:
&default-logging
options:
max-size: '20mb'
max-file: '5'
driver: json-file
networks:
default:
services:
main:
image: neilpang/letsproxy:latest
container_name: proxy
restart: on-failure
ports:
- 443:443
- 80:80
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- /data/proxy/certs:/etc/nginx/certs
- /data/proxy/acme:/acmecerts
depends_on:
- web
networks:
- default
logging: *default-logging
web:
image: <...>
container_name: web
restart: on-failure
environment:
VIRTUAL_HOST: example.com
ENABLE_ACME: 'true'
depends_on:
- web
networks:
- default
logging: *default-logging
It would be great to get a response on whether this is a usage issue, or a problem with this docker image.