Dumb stunt on my part ... FYI re nginx and htbridge

I just spent a week trying to get "A+" on a Ubuntu (20.04) site with LE and nginx 1.21.5. The best I could manage was an "A", and the issue was presenting as "ocsp stapling". Turns out I was trying to use TLSv1.3 only, and since fallback to TLSv1.2 was failing, htbridge was reporting a misconfiguration, citing "ocsp stapling". Allowing TLSv1.2 and TLSv1.3 resolved the complaint, and resulted in "A+" for the site.

Live and learn! I was ready to blame the LE-nginx combination, with the notorious and well-known
"lazy loading" of the ocsp stapling, but instead must blame senility. FYI !

https://w5gfe.org:444/ for now at least.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.