pfSense » pfSense Packages

I have an issue with the stunnel package in pfsense 2.7.2. Since my certificate renewed a few days ago, I cannot connect to any host through stunnel. On the client I receive a time out. In the pfsense log I see the following messages:

Jun 24 15:21:38 stunnel 80915 LOG5[119]: Service [SerHomeCTRL1] accepted connection from xx.xx.xx.xx:54576
Jun 24 15:21:38 stunnel 80915 LOG5[119]: OCSP: Connecting the AIA responder "http://r11.o.lencr.org"
Jun 24 15:24:34 stunnel 80915 LOG3[119]: Error resolving "r11.o.lencr.org": Address family for nodename not supported (EAI_ADDRFAMILY)
Jun 24 15:24:34 stunnel 80915 LOG3[119]: OCSP: Failed to resolve the OCSP responder address
Jun 24 15:24:34 stunnel 80915 LOG3[119]: SSL_accept: /var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/FreeBSD-src-RELENG_2_7_2/crypto/openssl/ssl/record/rec_layer_s3.c:304: error:0A000126:SSL routines::unexpected eof while reading
Jun 24 15:24:34 stunnel 80915 LOG5[119]: Connection reset/closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

When I check from the console the host r11.o.lencr.org can be reached:
ping r11.o.lencr.org
PING a1887.dscq.akamai.net (95.101.75.42): 56 data bytes
64 bytes from 95.101.75.42: icmp_seq=0 ttl=57 time=6.180 ms
64 bytes from 95.101.75.42: icmp_seq=1 ttl=57 time=6.998 ms
64 bytes from 95.101.75.42: icmp_seq=2 ttl=57 time=6.823 ms


It seems that the issue is related to Let's Encrypt switching from R3 to R11 intermediate certificate as R3 is now retiered (https://community.letsencrypt.org/t/issue-certificate-on-r3-intermediate/220243).

I am not sure how to resolve this issue.

Thanks