cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New

AH01980: bad response from OCSP server: 307 Temporary Redirect

Hi,

 

debian9, apache2-2.4.25-3+deb9u6

 

Since 6th February, I've been getting a lot of these errors in my Apache error logs:

 

    AH01980: bad response from OCSP server: 307 Temporary Redirect

    AH01941: stapling_renew_response: responder error

 

About 485 of them, so approximately hourly.

 

I have strict egress firewalling that only allows outgoing traffic to known IP/port

combinations and I got the list of Godaddy's OCSP servers from:

 

    https://au.godaddy.com/help/verifying-a-certificates-validity-on-your-computer-6723

 

They don't seem to have changed. They are still:

 

    72.167.18.239
    72.167.239.239
    188.121.36.239
    182.50.136.239
    50.63.243.230

 

According to that page. But anyway, I don't think that Apache is honouring the

redirect response because there are no firewall logs for outgoing port 80 traffic

at the time of the Apache error messages.

 

It seems more likely, just based on the text of the error message, that Apache is

not expecting the 307 Temporary Redirect response and is just reporting it as an

error.

 

The site still seems to work (possibly because I have "SSLStaplingReturnResponderErrors off"

in the Apache configuration). Or maybe it is failing approximately once an hour when these

redirect responses are received by Apache). No, the Apache access logs report the requests

succeeding at the times of these error messages. And Qualys SSLLabs reports that stapling

is happening so maybe it's OK but I'd like these error messages to stop.

 

So, any idea why this started happening on 6th February?

 

Any idea if it'll stop by itself?

 

Is there anything I can do to make it stop?

 

Have there been any changes relating to Godaddy's OCSP servers

that could explain this?

 

Thanks.