How to enable OCSP Stapling on EasyEngine

When OCSP Stapling is disabled, user browser (Firefox) checks to whether a website certificate has been revoked or not. It’s within Online Certificate Status Protocol or OCSP.

It ‘leaks’ user vistis to cert issuer + causing heavy traffick on cert issuer servers + slows down page load since it is additional request. Enabled OCSP Stapling reduces this.

See this article.

How to enable OCSP Stapling:

Add to the end of your /etc/nginx/sites-available/ conf this:

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/;
    # DNS resolver (Google), not mandatory


nginx -t
service nginx restart

Use this tool (or this) to see your OCSP Stapling is enabled on your server.

1 Like

You forgot to add the resolver directive, which allows Nginx to check your cert regularly.


This example uses Google DNS, but one can choose the best DNSes for their server.

1 Like

I have edit post


openssl s_client -connect -tls1 -tlsextdebug -status

what answer?

OCSP Response Data: ...


OCSP response: no response sent

probable cause:

settings inet6


ping6 -n -c 4