When trying to access a newly created domain over
https, my Firefox browser reported to me:
An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: secerrorocspunknowncert)
Well, OCSP means Online Certificate Status Protocol and is a way to verify the status of X.509 certificates. OCSP Stapling is an alternative approach where the OCSP response is appended (stapled) to the TLS handshake.
Firefox expects the stapled OCSP response and baulks at its absence; Chromium doesn't, though. To work around the issue in Firefox, change a setting:
- browse to
about:configto see the Firefox settings.
- search for
- change the value from
Allow for a propagation delay after creating a new certificate and DNS entries for a new domain. Try re-enabling the setting after a few hours.