This server certificate supports OCSP must staple but OCSP response is not stapled
not sure why that client requested must-staple certificate? you will need to config OCSP stapling or get a new certificate withtout OCSP extension
firefox hard fails in this case, chromium-based browsers doesn't care about OCSP IIRC
it's not likely hosting can give proper must-staple, as nginx skips stapling in first connect, and apache does not preload stapling response
I asked host if OCSP stapling is something they need to enable to resolve this. Host said it isn't something they can change on a shared server and that the certificate (how it's configured I presume) is the issue.
you will need to config OCSP stapling or get a new certificate withtout OCSP extension
Based on my host's response, I presume I can't config OCSP stapling. How do I get a new certificate without OCSP extension?
in addition to that for some reason kate's client (really simple ssl for wordpress) I think it forces(or at least by default) request cert with OCSP must-staple, and her hosting provider doesn't support stapling so it's broken config she will need new certificate
Sorry, was away, but back. Yes, the code.txt changes each time the CertSage page is loaded as @orangepizza correctly mentioned before.
I created it manually by retrieving the certificates from Chain of Trust - Let's Encrypt. You won't need to manually do anything though. If you look inside the certificate.crt that CertSage generated, you'll see that both of the intermediate certificates are in that file already because CertSage downloads the correct full chain directly from Let's Encrypt every time you generate a certificate.
If you're giving the interface the certificate file containing the full chain and it's only using the first certificate (your leaf certificate), that's rather strange. Is there a "CA certificate" or "CA bundle" upload?