About nginx and OCSP Must-Staple
A. Schulze
sca at andreasschulze.de
Thu Feb 24 18:43:17 UTC 2022
Am 24.02.22 um 19:06 schrieb wordlesswind via nginx:
> I enabled OCSP Must-Staple, then I found that after restarting nginx, I always get "MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING" error when visiting my website for the first time.
Hi,
this is known behavior (reference welcome). You may configure ssl_stapling_file to serve the OCSP response also for the very first response.
Or write a script that fetch https://example.org immediately after reload.
Andreas
More information about the nginx
mailing list