"ssl_stapling" ignored, host not found in ocsp responder "ocsp.int-x3.letsencrypt.org" in the certificate

After installing HestiaCP, everything was working perfectly fine. I added some accounts through the panel. Today I deleted one account and tried to restart Nginx and Apache.
Apache restarted successfully, but Nginx failed with the following error:

"ssl_stapling" ignored, host not found in ocsp responder “ocsp.int-x3.letsencrypt.org” in the certificate

As my websites went offline, I commented out the following lines in all .conf files to restart the Nginx. How can I fix this error so that I can uncomment these lines?

#ssl_stapling on;
#ssl_stapling_verify on;

I think the old certificate is left behind for the deleted domain.

Please check whether the certificate still exists in /usr/local/hestia/data/users/{user}/ssl.

There is no folder for the deleted domain inside /usr/local/hestia/data/users/
I checked everything inside /usr/local/hestia/data/users/ and no certificate for the deleted domain exists there.

Do you have any additional information, like the certificate path itself in the error message or the nginx log? That could give you a hint about which one is causing trouble.

The error_log of Nginx has 4 lines with the same message:
"ssl_stapling" ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org” in the certificate “/home/admin/conf/web/domain.com/ssl/domain.com.pem”

I tried to regenerate the Let's Encrypt certificate for my domain and it gave the error: DNS record could not be found.
Luckily I had a backup of the certificate. I am using Cloudflare DNS and it’s working fine with the old Let's Encrypt certificate.

What happens if you disable and reenable that particular domain?

How to disable a domain?

Sorry, I mean disable and re-enable the SSL certificate of that domain. Also, you should not host anything under the admin user, except the hostname domain, which will be used for the services certificate.

There is no domain under admin.
I tried to disable and reenable the certificate on the domain, but letsencrypt gave the error: “DNS record for the domain could not be found.”

“DNS record for the domain could not be found.”

nslookup domain.com 

And check in Cloudflare whether DNS is set up properly…


It seems that I found the fix for my problem.
There were many IPs under the banned list of the firewall.
I just turned off both IPtables and fail2ban and it solved the problem.

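Added example, not part of the thread: a small shell helper that pulls the affected certificate paths and OCSP responder hosts out of the Nginx error_log warning quoted above and checks whether each responder host resolves through the system resolver, which is the lookup that produces "host not found" when Nginx loads its configuration. The function names, the timestamps, user1 and example.org are constructed for illustration; `getent` is assumed to be available (glibc systems).

```bash
#!/bin/sh
# Added example: find which certificates lost OCSP stapling and whether the
# responder host named in the warning resolves from this server right now.

TAB=$(printf '\t')

# Constructed sample in nginx error_log format (not real log data).
sample_log() {
cat <<'EOF'
2020/08/14 09:12:01 [warn] 2211#2211: "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/home/admin/conf/web/domain.com/ssl/domain.com.pem"
2020/08/14 09:12:01 [warn] 2211#2211: "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/home/admin/conf/web/domain.com/ssl/domain.com.pem"
2020/08/14 09:12:01 [warn] 2211#2211: "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/home/user1/conf/web/example.org/ssl/example.org.pem"
2020/08/14 09:12:05 [error] 2211#2211: *1 open() "/home/user1/web/example.org/public_html/favicon.ico" failed (2: No such file or directory)
EOF
}

# stdin: error_log text. stdout: unique "responder<TAB>certificate" pairs.
# Splitting on the double quote puts the responder in $4 and the path in $6.
stapling_failures() {
  awk -F'"' '$2 == "ssl_stapling" && $3 ~ /host not found in OCSP responder/ {
    print $4 "\t" $6
  }' | sort -u
}

# True when the host resolves through the system resolver.
responder_resolves() {
  getent hosts "$1" >/dev/null 2>&1
}

# stdin: error_log text. One status line per affected certificate.
report() {
  stapling_failures | while IFS="$TAB" read -r host cert; do
    if responder_resolves "$host"; then
      state="resolves now"
    else
      state="DOES NOT RESOLVE"
    fi
    printf '%s\t%s\t%s\n' "$state" "$host" "$cert"
  done
}

# With a log path: check the real entries. Without: parse the sample offline.
if [ -n "${1:-}" ]; then
  report < "$1"
else
  sample_log | stapling_failures
fi
```

If a responder shows as not resolving, compare the server's outbound DNS path (resolver configuration, firewall and fail2ban rules) against a working host before re-enabling `ssl_stapling`.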