1. chapter-one.jp

revoke対象の証明書をOCSPで返答しつづけるLet's Encrypt もおかしい。

このままだとすると、いつまで表示できるか。(redirect されるか) -- ToshinoriMaeno 2022-02-04 02:33:45

OCSPの更新がいつになるか、そこにかかる。エラーになった。-- ToshinoriMaeno 2022-02-07 08:48:58

Contents

  1. chapter-one.jp
    1. OCSP

https://chapter-one.jp >> https://www.chapter-one.jp 

69812429,"0314da1d07d8c1408df9245a4202f5da73a2","2022-02-19T17:51:33Z","static.chapter-one.jp"
69812429,"0373ade243180e0f9d3e0c2dbd1bce19679e","2022-04-20T17:51:33Z","static.chapter-one.jp"
69812429,"038d5b5c072a1702d2fccfca71dddee96e50","2022-02-19T17:51:25Z","admin.chapter-one.jp"
69812429,"04ce478e88aeb67f8fea07c8656790160381","2022-04-20T17:51:26Z","admin.chapter-one.jp"
122914497,"041c33fc3d13c5bf5b80c08329e31bfffc0c","2022-02-19T17:51:17Z","chapter-one.jp"
122914497,"04671183e1e0b0e6923b0b2c4389aa29a379","2022-04-20T17:51:18Z","chapter-one.jp"

openssl s_client -connect chapter-one.jp:https -servername chapter-one.jp -CApath /etc/ssl/certs -status

-- ToshinoriMaeno 2022-02-04 03:31:10 

OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = R3
    Produced At: Jan 25 18:51:00 2022 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4
      Issuer Key Hash: 142EB317B75856CBAE500940E61FAF9D8B14C2C6
      Serial Number: 04671183E1E0B0E6923B0B2C4389AA29A379
    Cert Status: good
    This Update: Jan 25 18:00:00 2022 GMT
    Next Update: Feb  1 17:59:58 2022 GMT

https://ssl.lavoscore.org/api/sslcert-expires/?q=chapter-one.jp,www.chapter-one.jp

OCSP返答 -- ToshinoriMaeno 2022-02-04 01:32:11 

OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = R3
    Produced At: Feb  2 23:23:00 2022 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4
      Issuer Key Hash: 142EB317B75856CBAE500940E61FAF9D8B14C2C6
      Serial Number: 04671183E1E0B0E6923B0B2C4389AA29A379
    Cert Status: revoked
    Revocation Time: Jan 28 23:23:44 2022 GMT
    This Update: Feb  2 23:00:00 2022 GMT
    Next Update: Feb  9 22:59:58 2022 GMT

chapter-one.jp  
serial  "04671183E1E0B0E6923B0B2C4389AA29A379"
OCSP_serial     "04671183E1E0B0E6923B0B2C4389AA29A379"
OCSP_this_update        "Jan 25 18:00:00 2022 GMT"
OCSP_next_update        "Feb  1 17:59:58 2022 GMT"
domainName      "chapter-one.jp"
port    443
subjectAltName  "DNS:chapter-one.jp"
is_valid        true
CA      "Let's Encrypt"
updated_at      "2022/01/21 02:51:19"
expires_at      "2022/04/21 02:51:18"
today   "2022/02/03 11:34:17"
UTC     
updated_at      "2022-01-20T17:51:19Z"
expires_at      "2022-04-20T17:51:18Z"
today   "2022-02-03T02:34:17Z"
remaining_days  76
www.chapter-one.jp      
serial  "042B0100EF8CE4C5900EB99B0DBB8C868709"
OCSP_serial     null
OCSP_this_update        null
OCSP_next_update        null
domainName      "www.chapter-one.jp"
port    443
subjectAltName  "DNS:www.chapter-one.jp"
is_valid        true
CA      "Let's Encrypt"
updated_at      "2021/12/21 13:58:22"
expires_at      "2022/03/21 13:58:21"
today   "2022/02/03 11:34:17"
UTC     
updated_at      "2021-12-21T04:58:22Z"
expires_at      "2022-03-21T04:58:21Z"
today   "2022-02-03T02:34:17Z"
remaining_days  46

chapter-one.jp  
serial  "04671183E1E0B0E6923B0B2C4389AA29A379"
OCSP_serial     "04671183E1E0B0E6923B0B2C4389AA29A379"
domainName      "chapter-one.jp"
port    443
subjectAltName  "DNS:chapter-one.jp"
is_valid        true
CA      "Let's Encrypt"
updated_at      "2022/01/21 02:51:19"
expires_at      "2022/04/21 02:51:18"
today   "2022/02/01 22:25:14"
UTC     
updated_at      "2022-01-20T17:51:19Z"
expires_at      "2022-04-20T17:51:18Z"
today   "2022-02-01T13:25:14Z"
remaining_days  78

www.chapter-one.jp revoke 対象ではない。 

serial  "042B0100EF8CE4C5900EB99B0DBB8C868709"
OCSP_serial     null
domainName      "www.chapter-one.jp"
port    443
subjectAltName  "DNS:www.chapter-one.jp"
is_valid        true
CA      "Let's Encrypt"
updated_at      "2021/12/21 13:58:22"
expires_at      "2022/03/21 13:58:21"
today   "2022/02/01 22:25:14"
UTC     
updated_at      "2021-12-21T04:58:22Z"
expires_at      "2022-03-21T04:58:21Z"
today   "2022-02-01T13:25:14Z"
remaining_days  47

1.1. OCSP

ここもOCSPで失効になるはずだが。-- ToshinoriMaeno 2022-02-02 02:33:02 

serial:04671183E1E0B0E6923B0B2C4389AA29A379
OCSP_serial:04671183E1E0B0E6923B0B2C4389AA29A379
OCSP_this_update:Jan 25 18:00:00 2022 GMT
OCSP_next_update:Feb 1 17:59:58 2022 GMT
発行日時:2022-01-20T17:51:19Z
失効日時:2022-04-20T17:51:18Z

CategoryDns CategoryWatch CategoryTemplate

MoinQ: Letsencrypt/警告/汎用jp/chapter-one.jp (last edited 2022-02-07 08:48:58 by ToshinoriMaeno)