There is a newer OCSP response but was not provided by the server

Maxim Dounin mdounin at
Wed Sep 23 17:21:36 UTC 2015


On Wed, Sep 23, 2015 at 12:53:19PM -0400, 173279834462 wrote:

> I see this:
> ==> stderr.log <==
> 2015/09/23 18:33:00 [error] 41509#0: OCSP_basic_verify() failed (SSL:
> error:27069065:OCSP routines:OCSP_basic_verify:certificate verify
> error:Verify error:unable to get local issuer certificate) while requesting
> certificate status, responder:

So this confirms my guess: you've enabled OCSP response 
verification but failed to provide appropriate certificates for 
the verification to succeed.

Simpliest solution would be to switch off OCSP response 

Alternatively, provide appropriate certificates via the 
ssl_trusted_certificate directive,  see for details.

Maxim Dounin

More information about the nginx mailing list