Can I make Nginx automatically OCSP staple certificates at reload/restart?
That article explains one way to do it: https://matthiasadler.info/blog/ocsp-stapling-on-nginx-with-comodo-ssl/
The idea is to manually fetch the OCSP response and use the ssl_stapling_file directive.
https://unmitigatedrisk.com/?p=241 explains it in detail:
URL=$(openssl x509 -in "$SERVER_CER" -text | grep "OCSP - URI:" | cut -d: -f2,3)
openssl ocsp -noverify -no_nonce -respout ocsp.resp -issuer \
    "$ISSUER_CER" -cert "$SERVER_CER" -url "$URL"
Where "ocsp.resp" is whatever file you have configured in Nginx for the "ssl_stapling_file".
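A fuller version of the refresh step described in this answer, as an added example that is not part of the original answer or of either linked article. It goes one step further than the commands above: it drops -noverify so the response signature is checked, installs the file only when the status is "good", and then reloads Nginx. The default paths, the CHAIN_PEM file (issuer plus root) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: refresh the file named by nginx's ssl_stapling_file.
# All default paths are assumptions; override them through the environment.
SERVER_CER=${SERVER_CER:-/etc/nginx/ssl/server.crt}
ISSUER_CER=${ISSUER_CER:-/etc/nginx/ssl/issuer.crt}
CHAIN_PEM=${CHAIN_PEM:-/etc/nginx/ssl/chain.pem}   # issuer + root, used to verify the response
STAPLE=${STAPLE:-/etc/nginx/ssl/ocsp.resp}         # same path as ssl_stapling_file

# Read `openssl x509 -text` output on stdin, print the first OCSP responder URL.
ocsp_uri_from_text() {
    sed -n 's/^[[:space:]]*OCSP - URI:\(.*\)$/\1/p' | head -n 1
}

# Read `openssl ocsp` output on stdin. Succeed only if the signature verified
# AND the status is good; openssl prints the status even when verification fails.
response_ok() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q '^Response verify OK$' &&
        printf '%s\n' "$out" | grep -q ': good$'
}

refresh_staple() {
    url=$(openssl x509 -in "$SERVER_CER" -noout -text | ocsp_uri_from_text)
    [ -n "$url" ] || { echo "no OCSP URI in $SERVER_CER" >&2; return 1; }
    # Write to a temp file beside the target so the final mv is atomic.
    tmp=$(mktemp "$STAPLE.XXXXXX") || return 1
    if openssl ocsp -no_nonce -issuer "$ISSUER_CER" -cert "$SERVER_CER" \
            -CAfile "$CHAIN_PEM" -url "$url" -respout "$tmp" 2>&1 | response_ok
    then
        chmod 644 "$tmp" && mv "$tmp" "$STAPLE" && nginx -t && nginx -s reload
    else
        rm -f "$tmp"
        echo "OCSP response unverified or not 'good'; keeping old staple" >&2
        return 1
    fi
}

# Does the work only when invoked as: ./refresh-staple.sh refresh
if [ "${1:-}" = "refresh" ]; then
    refresh_staple
fi
```

Run it from cron or a systemd timer more often than the responder's Next Update interval, since Nginx only reads the ssl_stapling_file contents when it loads its configuration.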