Update
The Nginx documentation says the following:
For the OCSP stapling to work, the certificate of the server certificate issuer should be known. If the ssl_certificate file does not contain intermediate certificates, the certificate of the server certificate issuer should be present in the ssl_trusted_certificate file.
So we don't need to specify ssl_trusted_certificate, because Let's Encrypt creates fullchain.pem containing all certificates and we use that for ssl_certificate already.
================================
I'm wondering specifying ssl_trusted_certificate actually makes a difference. I only specified the following using Nginx 1.9.9:
ssl_certificatewithfullchain.pemssl_certificate_keywithprivkey.pemssl_stapling onssl_stapling_verify on
Still, the command openssl s_client -connect <domain.com>:443 -tls1 -tlsextdebug -status gives me a successful OCSP response for my domain. Adding ssl_trusted_certificate does not seem to change the output of openssl. Is it somehow more efficient to specify ssl_trusted_certificate or is it unnecessary?