"ssl_stapling" ignored warning on boot with LE certs?
PGNet Dev
pgnet.dev at gmail.com
Thu Feb 16 14:23:21 UTC 2023
hi,
> The error message suggests there is something wrong with DNS on
> your host.
> If this happens only on boot but not when you restart/reload nginx
> after boot,
ah. testing, yep, that does seem to be the case
> this might indicate that DNS is not yet properly
> available when nginx starts. One possible reason is that nginx
> systemd service is not properly configured to depend on DNS being
> available: for nginx to start properly you may want to ensure that
> there is Wants= and After= dependency on network-online.target,
> and After= dependency on nss-lookup.target, see nginx.service as
> shipped by nginx.org nginx packages[1] for an example.
i'd added/use unbound as local resolver.
changing both
edit /etc/systemd/system/nginx.service
- After=network-online.target
- Wants=network-online.target
+ After=network-online.target nss-lookup.target unbound.target
+ Wants=network-online.target nss-lookup.target unbound.target
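Review bot: On the Wants= line, nss-lookup.target is added next to network-online.target, but the quoted advice asks only for an After= dependency on nss-lookup.target; systemd documents that target as one to order after without pulling it in, so it can be dropped from Wants=. Also confirm that unbound.target exists on this host (the resolver is commonly shipped as unbound.service), since ordering against a unit that is never loaded has no effect.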
and
edit /etc/systemd/system/nginx.service
- networks: files dns
+ networks: dns files
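Review bot: The "networks:" lines are nsswitch.conf syntax, yet the header above this hunk names /etc/systemd/system/nginx.service again, so the file path looks mis-pasted; name the file that was actually edited. Host name resolution follows the "hosts:" database, so it is worth checking whether reordering "networks:" contributes to the fix or whether the unit change alone is enough.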
does the trick.
i wasn't noticing any DNS issues anywhere (else); just this ocsp fail. good catch, thx!
o/
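The dependency check suggested in the quoted advice, written as a small script. This is an added example, not part of the original post or of the nginx packaging; the function names and the two sample unit files are constructed for illustration.

```shell
#!/bin/sh
# Check a systemd unit file for the ordering the thread recommends for nginx:
# Wants= and After= on network-online.target, After= on nss-lookup.target.

# unit_values FILE KEY: print every unit listed under KEY= in FILE, one per line.
# A key may repeat and may hold a space-separated list; both are handled.
unit_values() {
    awk -F= -v key="$2" '$1 == key {
        n = split($2, v, /[ \t]+/)
        for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
    }' "$1"
}

# has_dep FILE KEY UNIT: succeed if UNIT is listed under KEY= in FILE.
has_dep() {
    unit_values "$1" "$2" | grep -qxF "$3"
}

# check_nginx_unit FILE: print each missing dependency; return 0 if none is missing.
check_nginx_unit() {
    file=$1
    missing=0
    while read -r key unit; do
        if ! has_dep "$file" "$key" "$unit"; then
            echo "missing: $key=$unit"
            missing=1
        fi
    done <<EOF
Wants network-online.target
After network-online.target
After nss-lookup.target
EOF
    return "$missing"
}

# Constructed sample units (not taken from the thread).
tmp=$(mktemp -d)
printf '[Unit]\nAfter=network-online.target\nWants=network-online.target\n' \
    > "$tmp/before.service"
printf '[Unit]\nAfter=network-online.target\nAfter=nss-lookup.target\nWants=network-online.target\n' \
    > "$tmp/after.service"

check_nginx_unit "$tmp/before.service" || echo "before.service: incomplete"
check_nginx_unit "$tmp/after.service" && echo "after.service: ok"
```

To check a live host, save the output of `systemctl cat nginx.service` to a file and pass that file, so drop-ins are included.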