Nginx ssl_stapling does not work

OCSP stapling does not work.
Test OCSP stapling = No
OCSP response: no response sent
Configuring nginx.

ssl_certificate /usr/local/etc/letsencrypt/live/;
ssl_certificate_key /usr/local/etc/letsencrypt/live/;
ssl_trusted_certificate /usr/local/etc/letsencrypt/live/;
ssl_stapling on;
ssl_stapling_verify on;
resolver_timeout 5s;

certbot 1.5.0

Do you run a recursive resolver on the same server?

Also, what do the nginx logs say about OCSP?

Yes, I’m running dnsmasq.

Also, what do the nginx logs say about OCSP?

There are no errors.

Then how do you know it doesn’t work?

IIRC nginx only supports stapling as a cache, so if it currently has no valid OCSP response for the request, it replies to the browser without stapling and fetches from the OCSP server to save it for later use.

That’s right, as the cache filled up, I saw OCSP stapling Yes

I looked here.

On my computer in the console.
openssl s_client -connect -status 2>&1 | grep "OCSP"

Now everything is in order, it shows this.

openssl s_client -connect -status 2>&1 | grep "OCSP"
OCSP response: 
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
visible OCSP stapling Yes

Thank you all for your help! @Osiris @orangepizza
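
An added example, not part of the thread: a check that accounts for the cache behaviour described above by classifying `openssl s_client -status` output and re-probing until a stapled response appears. The function names, port 443, the `-servername` argument and the sample outputs are assumptions constructed for illustration.

```shell
# Constructed sample outputs, modelled on the two states seen in the thread.
SAMPLE_COLD='OCSP response: no response sent'
SAMPLE_WARM='OCSP response: 
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response'

# Read s_client output on stdin; print one of: stapled | none | unknown
classify_ocsp() {
    ocsp_out=$(cat)
    case $ocsp_out in
        *'OCSP response: no response sent'*) echo none ;;
        *'OCSP Response Status: successful'*) echo stapled ;;
        *) echo unknown ;;   # handshake failed or output not recognised
    esac
}

# Live probe. $1 is the host name to test (placeholder, supplied by the caller).
probe_openssl() {
    openssl s_client -connect "$1:443" -servername "$1" -status </dev/null 2>&1
}

# wait_for_staple PROBE_FUNC HOST [TRIES] [DELAY_SECONDS]
# A cold nginx answers the first handshake without a staple and fills its
# cache afterwards, so one negative probe is not conclusive. Prints the
# attempt number on which a staple was first seen; returns 1 if none was.
wait_for_staple() {
    wfs_probe=$1; wfs_host=$2; wfs_tries=${3:-5}; wfs_delay=${4:-2}
    wfs_i=1
    while [ "$wfs_i" -le "$wfs_tries" ]; do
        wfs_state=$("$wfs_probe" "$wfs_host" | classify_ocsp)
        if [ "$wfs_state" = stapled ]; then
            echo "$wfs_i"
            return 0
        fi
        sleep "$wfs_delay"
        wfs_i=$((wfs_i + 1))
    done
    return 1
}

# Usage against a live server: wait_for_staple probe_openssl your.host.name
```

If this still returns 1 after several attempts, the server is not filling its cache at all, and the nginx error log is the next place to look.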
