digitalocean/nginxconfig.io

Configuring OCSP

Open

#340 opened on Apr 8, 2022

hacktoberfest, help wanted

Description

Information

https://whatismybrowser.com/w/QCB7F49

Help request

Problem

OCSP is not enabled after using the generated configuration. Multiple tools (DigiCert helpers, SSL Labs, openssl) report that OCSP is disabled. I made sure I was checking this on subsequent requests due to the asynchronicity of the OCSP fetch.

What I have tried

The OCSP stapling configured in the nginx.conf

# OCSP Stapling
ssl_stapling           on;
ssl_stapling_verify    on;
resolver               1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout       2s;

The trusted certificate configured in the server block (some systems might require this when ssl_stapling_verify is on)

ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
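A way to repeat the check described in the issue, as an added example that is not part of the original issue or of nginxconfig.io: it classifies the output of `openssl s_client -status` and retries the handshake to allow for the asynchronous OCSP fetch. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the issue. Sample outputs below are constructed.

# Read `openssl s_client -status` output on stdin and print one of:
#   stapled:<cert status> | not-stapled | unknown
classify_stapling() {
    awk '
        /OCSP response: no response sent/  { none = 1 }
        /OCSP Response Status: successful/ { ok = 1 }
        /Cert Status:/                     { status = $3 }
        END {
            if (ok && status != "") print "stapled:" status
            else if (none)          print "not-stapled"
            else                    print "unknown"
        }'
}

# Handshake with host $1 (port $2, default 443) up to $3 times (default 3).
# nginx fetches the OCSP response asynchronously, so the first handshake
# after a start or reload can legitimately carry no staple.
check_stapling() {
    host=$1; port=${2:-443}; tries=${3:-3}; i=1
    while [ "$i" -le "$tries" ]; do
        result=$(openssl s_client -connect "$host:$port" -servername "$host" \
                     -status </dev/null 2>/dev/null | classify_stapling)
        echo "attempt $i: $result"
        case $result in stapled:*) return 0 ;; esac
        i=$((i + 1)); sleep 2
    done
    return 1
}

# Constructed s_client excerpts for offline use.
sample_no_staple() {
    printf '%s\n' 'CONNECTED(00000003)' 'OCSP response: no response sent' '---'
}
sample_stapled() {
    printf '%s\n' 'CONNECTED(00000003)' 'OCSP response:' \
        '======================================' 'OCSP Response Data:' \
        '    OCSP Response Status: successful (0x0)' \
        '    Response Type: Basic OCSP Response' \
        '    Cert Status: good'
}
```

Call it as `check_stapling example.com`; a `not-stapled` result on every attempt means the missing staple is not just the first-request effect.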
