On 7/8/23 21:33, Shawn Heisey wrote:
Here's the very weird part. It seems that haproxy is sending the OCSP
request to localhost, not the http://r3.o.lencr.org URL that it SHOULD
be sending it to. Right before the above log entry is this one:
Jul 8 21:15:38 - haproxy[4075] 127.0.0.1:57696
[08/Jul/2023:21:15:38.447] web80 web80/<NOSRV> 0/-1/-1/-1/0 302 230 - -
LR-- 1/1/0/0/0 0/0 "GET
/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOq9K0xVAXkgj8X4cNGeMutQw%3D%3D HTTP/1.1"
Anyone have any idea why haproxy is sending the ocsp request to
127.0.0.1 when it should be going to a public address obtained from the
dns name r3.o.lencr.org?
If I do this command on the same machine, it works correctly:
curl -v -o response.ocsp
"http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOq9K0xVAXkgj8X4cNGeMutQw%3D%3D"
Thanks,
Shawn