Bugzilla #1905419
Certificate Problem Report
GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued
RESOLVED
FIXED
GoDaddy
AI Summary
GoDaddy experienced intermittent 'unauthorized' OCSP responses for newly issued certificates due to performance degradation in their OCSP response sync mechanism. This issue arose as certificate issuance scaled up, leading to delays in response propagation. GoDaddy acknowledged the problem and has implemented improvements to their OCSP system, including adjustments to response syncing schedules and fast-tracking propagation of newly generated responses. The issue has been resolved, and GoDaddy is committed to ongoing enhancements to prevent future occurrences.
Chronology
- CPR sent to GoDaddy regarding unauthorized OCSP response
- Bug report filed
- GoDaddy acknowledges latency issue
- Responder syncing schedules tuned for consistent propagation
- Fast-track script added for OCSP response propagation
- Closure of the matter planned
Participants
amir@aaomidi.com
star@godaddy.com
rdaurne77@gmail.com
jreading@godaddy.com
bwilson@mozilla.com
agwa-bugs@mm.beanwood.com
aaron@letsencrypt.org
brenth1@mac.com
Similar Local Cases
GoDaddy : CAA checks passed when records contained incorrect variants of godaddy.com or starfieldtech.com
GoDaddy : CAA checks did not properly handle issuewild tag allowing FQDN SANs to be added to wildcard certs
GoDaddy: Does not provide a method for domain owners to revoke their certificates
Entrust: CPR was not responded to in 24 hours
Microsoft PKI Services: CA Certificates not published in DER Encoded Format
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
SECOM: Difference in upper and lower case between CN field and SAN
Entrust: Jurisdiction issue in some EV TLS & Code Signing certificates