Firefox randomly does not receive certificate from websites I run. SEC_ERROR_OCSP_MALFORMED_RESPONSE is the error.
I run a few docker containers that I have a reverse proxy setup with "letsencrypt" on some subdomains I own. Randomly, FF (both mobile and desktop) refuses to load those pages and returns a "SEC_ERROR_OCSP_MALFORMED_RESPONSE" error. I'm also not able to pull up the certificate at all. FF will randomly work just perfect with these sites however.
Also, when FF is unable to open these sites, every other browser I tried is able to. Other browsers that worked: IE, Edge, Safari, Samsung Browser, Chrome, Safari on iOS. I already tried to start FF in safe mode, to no avail.
I was also able to use this website: "https://check-your-website.server-daten.de" to check the certificate status, and everything came back green.
**Edit** I will add that I've deleted all the site data, gone through every single useful Google result page as well. My system date and time is also correct, as is the server I run.
Any help is appreciated. Thank you!
Additional system details
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
So, I think I have it figured out! In case anyone else comes across this post as lost as I was, I'll outline it below.
I have an unraid server running several docker containers through a reverse proxy using subdomains.
The behavior was that Firefox would pull the docker website randomly, but most of the time it would error out with the error listed in the title. All other browsers would work. Using FredMcD's second link I was able to go into Firefox's about:config and set "security.ssl.enable_ocsp_stapling" to false and it would work, but it made me feel less secure.
The actual fix, to fix the letsencrypt nginx reverse proxy was as follows. Go into your Unraid rootshare (a youtuber named spaceinvaderone has a two minute video on how to do this). Go to appdata -> letsencrypt -> nginx and open ssl.conf with a text editor.
Go down to this part in the text:
    # OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 220.127.116.11 valid=30s; # Docker DNS Server

The line starting with "resolver" was set to something like "127.10.0.1" which doesn't actually resolve anything. I set it to "18.104.22.168" which is Cloudflare's DNS, and then Firefox started loading the site just fine!
I still have no idea why it would work randomly, but it's fixed now. Thanks FredMcD for setting me on the right path.
Welp, everything above this line did not fix it. It just broke again :(
So I thought I had this fixed, but alas I am still getting the error. Gone through those links several times now, and the only solution is to go into about:config and turn off OCSP, which doesn't sound ideal.
Any other thoughts?
I called for more help.
Ok, I appreciate that!
I've attached the certificate view from when it randomly works to this message.
First URL gives me an error, but the last one gives me some more information. I will do some digging and report back. I really appreciate your response!
Ok, so I am unfortunately still stuck on this. I have one website that tells me that I have OCSP stapling enabled:
But the digicert.com/help link says I don't. However, following its SSL-support link I do have the intermediate certificate attached.
I have been through all of those URLs and a few others several times now, and nothing seems to be working. Although at this point I believe the issue to be with either Letsencrypt or nginx. I'm going to reach out to their communities and see if they have anything to say. Thanks!
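The online checkers in this thread disagree about whether stapling is enabled, and the failure is intermittent, so it helps to look at what the server actually staples on each handshake with `openssl s_client -status`. The script below is an added example, not part of the thread: the function names are made up here, the sample outputs are constructed, and the host passed to `probe_staple` is whatever site you are checking.

```shell
#!/bin/sh
# Classify the OCSP staple shown in `openssl s_client -status` output (stdin).
#   none    - the server stapled nothing on this handshake
#   good    - well-formed staple reporting certificate status "good"
#   problem - a staple was sent but it is not a successful/good response
#   unknown - no OCSP section at all (e.g. the connection failed)
classify_staple() {
    cs_out=$(cat)
    case $cs_out in
        *'OCSP response: no response sent'*) echo none ;;
        *'OCSP Response Status: successful'*'Cert Status: good'*) echo good ;;
        *'OCSP response:'*) echo problem ;;
        *) echo unknown ;;
    esac
}

# Handshake with a server repeatedly, since the error comes and goes.
# Usage: probe_staple HOST [TRIES]; nothing is contacted unless this is called.
probe_staple() {
    ps_host=$1; ps_tries=${2:-10}; ps_i=1
    while [ "$ps_i" -le "$ps_tries" ]; do
        printf '%s try %s: ' "$(date -u +%H:%M:%S)" "$ps_i"
        openssl s_client -connect "$ps_host:443" -servername "$ps_host" -status \
            </dev/null 2>/dev/null | classify_staple
        ps_i=$((ps_i + 1))
        sleep 5
    done
}

# Constructed samples of the relevant s_client lines (not captured from the thread).
sample_none='OCSP response: no response sent'
sample_good='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good'
sample_bad='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: trylater (0x3)'
```

Logging the `probe_staple` output alongside the times Firefox fails shows whether the failures line up with handshakes classified as `problem` rather than `good` or `none`.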