On Tue, Mar 31, 2015 at 10:11 AM, Stephen Farrell <[email protected]> wrote: > Turns out after a bit of searching, I'd installed the new > cert too soon, and when I tested it, a "dunno" OCSP > response was sent before the responder had seen the new > cert and that OCSP response has now been cached for some > unknowable (to me) number of hours in who-knows-what > places. And that caching behaviour has changed since the > last time I got a cert from the same provider a few months > ago. So I reverted my apache to the old cert and will > try install the new cert again tomorrow.
So the problem is caching of "unknown" status OCSP Responses. I think this is a separate and separable problem, though one that ACME should work on anyways. Nico -- _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
