BITNP / issues

Issue feedback (website services such as the mirror site, etc.)

[mirror/question] Replace Let's Encrypt certificate #18

Closed phy25 closed 3 years ago

phy25 commented 4 years ago

Question Description

See https://github.com/tuna/issues/issues/905

If possible, consider migrating the certificate to https://www.buypass.com/ssl/products/acme

shankerwangmiao commented 4 years ago

This problem can be solved by enabling stapling. If you need a solution, you can message me privately.

phy25 commented 4 years ago

Thanks, @shankerwangmiao. We will still switch certificate providers for other reasons; doing OCSP stapling for Let's Encrypt will be the solution of last resort.

phy25 commented 3 years ago

ocsp.int-x3.letsencrypt.org -> ocsp.int-x3.letsencrypt.org.edgesuite.net -> *.akamai.net

ocsp.buypass.com -> ocsp.buypass.com.edgesuite.net -> *.akamai.net (let's use it for now; it looks like stapling may still be needed later)

ZeroSSL: ocsp.sectigo.com -> 151.139.128.14 (stackpath.com)

Official progress from Let's Encrypt on the Akamai subdomain assignment: https://community.letsencrypt.org/t/ocsp-int-x3-letsencrypt-org-is-not-working-in-china/118552

phy25 commented 3 years ago

https://www.xf.is/2020/06/30/list-of-free-acme-ssl-providers/

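BuyPass does not yet support validating IPv6-only sites: https://community.buypass.com/t/y4h8h6n/support-for-verifying-challenges-over-ipv6

For the reasons above, the certificate has been switched to ZeroSSL. Once BuyPass supports validating IPv6-only sites, I personally think the certificate should be switched back. ZeroSSL is a reseller of Sectigo, and Sectigo's help center (only) mentions the SDN list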