ocsp checking needs -verify_other

https://community.letsencrypt.org/t/unable-to-verify-ocsp-response/7264
2026-05-28 04:34:11 -04:00 · 2016-12-19 17:36:37 -08:00 · 2016-12-19 17:36:37 -08:00 · ac02cd9cb8
commit ac02cd9cb8
parent 40e29bb95f
1 changed files with 3 additions and 2 deletions
--- a/certbot/ocsp.py
+++ b/certbot/ocsp.py
@ -40,9 +40,10 @@ def revoked_status(cert_path, chain_path):
            "-issuer", chain_path,
            "-cert", cert_path,
            "-url", url,
-            "-CAfile", chain_path])
+            "-CAfile", chain_path,
+            "-verify_other", chain_path])
    except errors.SubprocessError:
-        return "(OCSP Failure)"
+        return "OCSP Failure"

    return _translate_ocsp_query(cert_path, output)