Can I make Nginx automatically OCSP staple certificates at reload/restart?

nginx ocsp

That article explains one way to do it: https://matthiasadler.info/blog/ocsp-stapling-on-nginx-with-comodo-ssl/

The idea is to manually fetch de OCSP response and use the ssl_stapling_file directive.

https://unmitigatedrisk.com/?p=241 explains it in details:

URL=$(openssl x509 -in $SERVER_CER -text | grep “OCSP – URI:” | cut -d: -f2,3)

openssl ocsp -noverify -no_nonce -respout ocsp.resp -issuer \ $ISSUER_CER -cert $SERVER_CER -url $URL

Where “ocsp.resp” is whatever file you have configured in Nginx for the “ssl_stapling_file“.

Related

Is it possible to downgrade Windows Server 2016 Datacenter to Standard?
Register-ClusteredScheduledTask : The parameter is incorrect
IIS 8.5 change bindings on bulk (due to SSL certificate renewal)
High availability Bastion host - Best practices, ELB, EIP?
Using extra CPU time in ESXI for scientific computing
Kill inactive user sessions on a Windows Server 2012 R2 Terminal server
Is it possible for CloudFlare to get content from 8080 and serve it on 80?
Hot to change 'Preemptibilty' setting on VM instance in Google Cloud
Nagios OK notification at the beginning of the availability period
Redirect all urls to the root except /wp-admin and wp-json
Why my Amazon EC2 instance limit is zero by default?
AWS: Subnets vs Security groups for setting up a VPC