When OCSP Stapling is disabled, user browser (Firefox) checks to whether a website certificate has been revoked or not. It’s within Online Certificate Status Protocol or OCSP.
It ‘leaks’ user vistis to cert issuer + causing heavy traffick on cert issuer servers + slows down page load since it is additional request. Enabled OCSP Stapling reduces this.
See this article.
How to enable OCSP Stapling:
Add to the end of your /etc/nginx/sites-available/example.com conf this:
... ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; # DNS resolver (Google), not mandatory resolver 22.214.171.124 126.96.36.199 }
nginx -t service nginx restart