- Plesk for Linux
Is it possible to enable OCSP Stapling?
How to configure OCSP Stapling for a domain?
Plesk does not support officially such feature.
However, it is possible to enable OCSP Stapling for a specific domain via Apache or Nginx directive.
After installing the certificate for the domain follow the steps:
In case of Apache is used:
- Connect to the server via SSH.
- Add following string to
CONFIG_TEXT: SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
- Log into Plesk.
Go under Plesk > Domains > example.com > Apache & Nginx Settings > Additional directives for HTTPS and add the following:
CONFIG_TEXT: SSLUseStapling on
In case of Nginx is used:
Go under Plesk > Domains > example.com > Apache & Nginx Settings > Additional nginx directives and add the following:
CONFIG_TEXT: ssl_stapling on;
resolver 220.127.116.11 18.104.22.168 valid=300s;
fullchain.pemfile shoud contain Root Certificate and all the Intermediate cetificates data.
Note: For each domain where the OCSP Stapling is required, it has to be assigned an IP since it will only work correctly if the IP itself has the certificate assigned otherwise, it will keep returning the following:
# openssl s_client -connect example.com:443
OCSP response: no response sent