From ef179138fa5d4cc89127a114ebeac12f1278bbfa Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 5 Apr 2020 04:13:05 -0400 Subject: [PATCH] certbot-ocsp-fetcher for reliable OCSP stapling --- nginx/snippets/https.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nginx/snippets/https.conf b/nginx/snippets/https.conf index 290a1e95..a721e373 100644 --- a/nginx/snippets/https.conf +++ b/nginx/snippets/https.conf @@ -9,3 +9,5 @@ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem; ssl_stapling on; ssl_stapling_verify on; +# maintained by certbot-ocsp-fetcher +ssl_stapling_file /etc/nginx/ocsp-cache/grapheneos.org.der;