How to enable OCSP stapling when default server is self-signed?

numroo nginx-forum at
Sun Apr 12 16:21:19 UTC 2015

>> Yes, I ran the s_client command multiple times to account for the nginx
>> responder delay. I was testing OCSP stapling on just one of my domains.
>> Then I read that the 'default_server' SSL server also has to have OCSP
>> stapling enabled for vhost OCSP stapling to work:
>There is no such a requirement.

I have the same problem here.

openssl s_client -servername ${WEBSITE} -connect ${WEBSITE}:443 -tls1
-tlsextdebug -status|grep OCSP

Always returns the following on all virtual hosts no matter on how many
times I try:
OCSP response: no response sent

But as soon that I disable my self-signed default host and restart Nginx, I
get a successfull repsonse on the second request on all CA signed hosts:
OCSP Response Status: successful (0x0)

Posted at Nginx Forum:,257833,257974#msg-257974

More information about the nginx mailing list