
I'm pretty sure SSL certificates are almost always tied to a domain name rather than an IP address. And the vast majority of my traffic is unaffected; generally things are working well.

However, my PHP error log is now full of a lot of this (getting a few per hour):

```
2022/05/13 00:35:58 [error] 79815#79815:
    connect() to [2606:4700:4400::ac40:9bbc]:80 failed
    (101: Network is unreachable)
    while requesting certificate status,
    responder: ocsp.sectigo.com,
    peer: [2606:4700:4400::ac40:9bbc]:80, certificate:
    "/etc/nginx/ssl/mysite_com/ssl-bundle.crt"
```

I'm wondering if it means I haven't correctly configured IPv6, but frankly I have no idea how to even test if that's the case, or how to go about doing that...

...additionally, if that is the issue, why am I only getting a couple of these per hour, when my pageviews number in the 10s-100s per minute?

I'm running CentOS 8 Stream.

Codemonkey
  • I would expect to see OCSP-related events only intermittently because for [OCSP stapling](https://en.wikipedia.org/wiki/OCSP_stapling) your server queries the OCSP server at regular intervals, not for every request made to your website. As to why it fails, IPv6 connectivity may be one issue – Rob May 13 '22 at 09:58
  • What's easier - disabling IPv6, or making it work? And can you guide me in either...? – Codemonkey May 13 '22 at 13:15
  • I may have fixed it, maybe. I was specifying 1c55:3f2:243:47c0::/64 where I meant 1c55:3f2:243:47c0::2/64 (with a 2 before the /64) [that's an otherwise-fictional address for the purpose of this post, of course] – Codemonkey May 13 '22 at 13:32
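
Added example (not part of the original question or comments): a short Python triage for the two things this thread turns on, grouping nginx OCSP stapling connect failures by address family and errno, and checking whether a configured CIDR names the subnet itself instead of a host. The function names, the IPv4 log line and the `ocsp.example.test` responder are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# nginx writes each error-log entry on one line (the page shows it wrapped).
OCSP_ERR = re.compile(
    r"connect\(\) to (?P<peer>\[[0-9a-fA-F:]+\]|[\d.]+):\d+ failed "
    r"\((?P<errno>\d+): [^)]+\) while requesting certificate status, "
    r"responder: (?P<responder>[^,\s]+)"
)

def triage(lines):
    """Count OCSP stapling connect failures by (responder, family, errno)."""
    counts = Counter()
    for line in lines:
        m = OCSP_ERR.search(line)
        if m:
            addr = ipaddress.ip_address(m["peer"].strip("[]"))
            counts[(m["responder"], f"IPv{addr.version}", int(m["errno"]))] += 1
    return counts

def host_address_problem(cidr):
    """Explain why `cidr` is a bad interface address, or return None if fine."""
    iface = ipaddress.ip_interface(cidr)
    # All-zero host bits name the subnet itself (for IPv6, the subnet-router
    # anycast address), so they should not be a host's own unicast address.
    if iface.network.num_addresses > 2 and iface.ip == iface.network.network_address:
        return f"{iface.ip} is the network address of {iface.network}"
    return None

# Constructed sample: the page's entry joined onto one line (twice), a
# constructed IPv4 timeout on a documentation address, and an unrelated line.
PAGE_ENTRY = (
    "2022/05/13 00:35:58 [error] 79815#79815: connect() to "
    "[2606:4700:4400::ac40:9bbc]:80 failed (101: Network is unreachable) "
    "while requesting certificate status, responder: ocsp.sectigo.com, "
    "peer: [2606:4700:4400::ac40:9bbc]:80, certificate: "
    '"/etc/nginx/ssl/mysite_com/ssl-bundle.crt"'
)
IPV4_ENTRY = (
    "2022/05/13 01:10:02 [error] 79815#79815: connect() to 192.0.2.10:80 "
    "failed (110: Connection timed out) while requesting certificate status, "
    "responder: ocsp.example.test, peer: 192.0.2.10:80"
)
SAMPLE = [PAGE_ENTRY, PAGE_ENTRY, IPV4_ENTRY, "2022/05/13 01:11:00 [notice] reload"]

if __name__ == "__main__":
    for key, n in triage(SAMPLE).items():
        print(n, *key)
    for cidr in ("1c55:3f2:243:47c0::/64", "1c55:3f2:243:47c0::2/64"):
        print(cidr, "->", host_address_problem(cidr) or "ok")
```

Errno 101 appearing only against IPv6 peers means the server itself has no usable IPv6 route, which is consistent with a local addressing mistake rather than a fault at the responder.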
