DNS Certification Authority Authorization (CAA) Policy / DNSSEC for whonix.org / ssllabs.com test results / OCSP ERROR: Exception: connect timed out [http://r3.o.lencr.org] / Must-Staple

Dev/About Infrastructure - Kicksecure chapter OSCP in Kicksecure wiki

Err:1 tor+https://deb.whonix.org bookworm-developers InRelease
Certificate verification failed: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 8082]
Reading package lists… Done
E: Failed to fetch tor+https://deb.whonix.org/dists/bookworm-developers/InRelease Certificate verification failed: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 8082]
E: Some index files failed to download. They have been ignored, or old ones used instead.

nginx ssl_stapling_file:

Now hopefully fixed.
