ECC OCSP nginx.conf ssl_stapling ignored

I've setup nginx with RSA and OCSP.

For another domain, in another server, I wanted to set it up using ECC and OCSP.

The certificate has been installed and it's working.
But the OCSP part is not.
When nginx -t, get:

nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate

What I did was to get this certificate:

and use it in the ssl_trusted_certificate directive.

Apart from the ssl_certificate and ssl_certificate_key, the other directives are:

    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /usr/pkg/etc/nginx/certs/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /usr/pkg/etc/nginx/certs/lets-encrypt-e1.pem;
    ssl_session_cache   shared:SSL:20m;
    ssl_session_timeout 20m;
    ssl_session_tickets on;

As this is very complex to me, please explain as if I'm five what to do to have OCSP with ECC or if it's not possible.

1 Like

If you're using, you want to be setting ssl_certificate to fullchain.cer, not

Just set this to's chain.cer.

1 Like

Thank you very much @_az , Without your help I wouldn't find the solution.
All the best to you.

For the record:
ssl_certificate /somedir/; ssl_trusted_certificate /somedir/;

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.