The problem is that you are testing xojo.com as opposed to www.xojo.com (which xojo.com automatically redirects to). If you send www.xojo.com to ssllabs, you’ll see that the OCSP failure disappears.
Hi Greg, thank you for your rapid answer. Interestingly my macOS Safari now works on both xojo.com and your redirection to www. (who is still using www? I am always typing xojo.com) but my iPad still doesnt work and SSL Labs now showing this:
Hello Tomas, I was able to see the original error on sslabs page, then I hit “clear cache” and then that page was not able to get the test done (getting the new screenshot you posted).
Now it is working.
I did a test with www.xojo.com and it was everything ok until I hit “clear cache”, now both have the same error reporting:
[quote]Revocation status Good (not revoked)
OCSP ERROR: OCSP response expired on Tue Nov 06 09:05:23 UTC 2018[/quote]
Edit: got an error, clear cache again and it looks fine now (both but the test isn’t finished yet)
Edit: Test duration 287.252 seconds for www.xojo.com, xojo.com isn’t finished yet
Edit: Got “unexpected failure” for xojo.com test, trying again
I recently moved to a Let’s Encrypt wildcard certificate and ran into this.
What isn’t obvious, is that a wildcard (*.xojo.com) certificate does NOT cover the base domain (xojo.com).
It is possible to add the base domain to the wildcard certificate as an Alternative name. then a single certificate will work for the entire domain.
yep they are covered. After couple of hours everyting works normally. I assume the cert authority or OCSP Responder have had an error and could not verify my browsers’ request. So Safari stopped serving the website.