Nginx ssl_stapling does not work

Hello.
OCSP stapling does not work.
Test OCSP stapling = No
OCSP response: no response sent
Nginx configuration:

ssl_certificate /usr/local/etc/letsencrypt/live/site.ru/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/site.ru/privkey.pem;
ssl_trusted_certificate /usr/local/etc/letsencrypt/live/site.ru/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.1.1;
resolver_timeout 5s;

openssl-1.1.1g,1
certbot 1.5.0

Do you run a recursive resolver on the same server?

Also, what do the nginx logs say about OCSP?

resolver 127.0.1.1;

Yes, I'm running dnsmasq.

Also, what do the nginx logs say about OCSP?

There are no errors.

Then how do you know it doesn't work?

IIRC nginx only supports stapling as a cache, so if it currently has no valid OCSP response for a request, it replies to the browser without stapling and fetches from the OCSP server to save it for later use.

That’s right, as the cache filled up, I saw OCSP stapling Yes

I looked here.
https://www.ssllabs.com/ssltest/

On my computer in the console.
openssl s_client -connect site.ru:443 -status 2>&1 | grep "OCSP"

Now everything is in order, it shows this.

openssl s_client -connect site.ru:443 -status 2>&1 | grep "OCSP"
OCSP response: 
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response

https://www.ssllabs.com/ssltest/ shows OCSP stapling: Yes

Thank you all for your help! @Osiris @orangepizza
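
Added example (not part of the thread, and not nginx or certbot code): the `openssl s_client -status` check from the posts above, wrapped so that it classifies the output and retries, since nginx may answer the first handshakes without a staple while its cache fills. The function names, retry count and delay are assumptions, and the sample line at the end is constructed.

```shell
#!/bin/sh
# Added example; function names and defaults are assumptions.

# Read `openssl s_client -status` output on stdin and print one of:
#   none | stapled | error:<status> | unknown
staple_state() {
  awk '
    /OCSP response: no response sent/ { print "none"; seen = 1; exit }
    /OCSP Response Status:/ {
      sub(/^.*OCSP Response Status:[ \t]*/, "")
      if ($1 == "successful") print "stapled"; else print "error:" $1
      seen = 1; exit
    }
    END { if (!seen) print "unknown" }
  '
}

# One handshake that asks for a staple (the command used in the thread,
# plus SNI and a closed stdin so that s_client exits on its own).
fetch_status() {
  openssl s_client -connect "$1:$2" -servername "$1" -status </dev/null 2>&1
}

# check_stapling HOST [PORT] [TRIES] [DELAY]
# Returns 0 as soon as a successful staple is seen, 1 if none after TRIES.
check_stapling() {
  host=$1 port=${2:-443} tries=${3:-5} delay=${4:-2}
  i=1
  while [ "$i" -le "$tries" ]; do
    state=$(fetch_status "$host" "$port" | staple_state)
    echo "attempt $i: $state"
    [ "$state" = "stapled" ] && return 0
    i=$((i + 1))
    [ "$i" -le "$tries" ] && sleep "$delay"
  done
  return 1
}

# Constructed sample (not captured from a real server), classified offline.
printf 'OCSP response: no response sent\n' | staple_state   # prints: none
# Live use: check_stapling site.ru 443
```

A `none` on the first attempt followed by `stapled` on a later one matches the caching behaviour described in the thread; `none` on every attempt points at the resolver or the OCSP fetch instead.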
