OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: meyergru on November 24, 2024, 10:06:03 AM

Title: OCSP stapling still impossible for lighttpd?
Post by: meyergru on November 24, 2024, 10:06:03 AM
I just got the dreaded MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING error message, because my preferred certificate has OCSP stapling enabled. I want to use that feature, because my domain is used for other purposes as well with a wildcard certificate.

I found https://forum.opnsense.org/index.php?topic=26812, so is OCSP stapling still infeasible with lighttpd?

Ah, apparently, the feature is available now: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL#OCSP-Stapling, I'll create a ticket.

Title: Re: OCSP stapling still impossible for lighttpd?
Post by: gstrauss on December 13, 2024, 08:58:21 PM
OCSP stapling has been available in lighttpd since lighttpd 1.4.56, released Nov 2020, which is 4 years ago.

Looks like you filed https://github.com/opnsense/core/issues/8084 with that info, too.

lighttpd provides a script to help retrieve OCSP stapling info from OCSP responders.
https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/doc/scripts/cert-staple.sh

FYI: Let's Encrypt is shutting down its OCSP responders 6 Aug 2025. No more OCSP stapling from Let's Encrypt after then.
https://letsencrypt.org/2024/12/05/ending-ocsp/
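
A staple-refresh script, added here as an example: it is not lighttpd's cert-staple.sh, not OPNsense code, and every path in it is an assumed placeholder. lighttpd serves whatever DER-encoded OCSP response it finds in the file named by ssl.stapling-file (documented on the Docs_SSL wiki page linked above), so the operational job is to keep that file fresh and to never overwrite a good staple with a bad or empty one. With a must-staple certificate a stale or missing staple is exactly what triggers the MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING error from the first post. The script reads the responder URI from the certificate's AIA extension, fetches a response with openssl ocsp, and only replaces the staple file when OpenSSL reports "Response verify OK" and a "good" status; the CA chain file is assumed to start with the direct issuer, and trust anchors come from the system store.

```shell
#!/bin/sh
# Added example (not lighttpd's cert-staple.sh, not OPNsense code).
# Fetches an OCSP response for a server certificate and installs it as
# the DER file that lighttpd's ssl.stapling-file points at, but only when
# OpenSSL verifies the response and it reports the certificate as "good".
# All paths used with these functions are assumed placeholders.

# Print the OCSP responder URI from the certificate's AIA extension
# (empty output if the certificate carries none).
ocsp_uri_of() {
    openssl x509 -noout -ocsp_uri -in "$1"
}

# refresh_staple CERT CHAIN OUT
#   CERT  - the server certificate (PEM)
#   CHAIN - CA chain as supplied by the CA; first cert is the direct issuer
#   OUT   - the file referenced by ssl.stapling-file in lighttpd.conf
# The existing OUT is replaced only after a verified fetch, so a responder
# outage or a bad response never clobbers a still-valid staple.
refresh_staple() {
    cert=$1
    chain=$2
    out=$3
    uri=$(ocsp_uri_of "$cert")
    if [ -z "$uri" ]; then
        echo "refresh_staple: no OCSP URI in $cert" >&2
        return 1
    fi
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # -no_nonce: CA responders mostly serve pre-signed, cached responses
    # and cannot echo a nonce back. openssl prints its verdict on stderr.
    result=$(openssl ocsp -issuer "$chain" -verify_other "$chain" \
                 -cert "$cert" -url "$uri" -no_nonce -respout "$tmp" 2>&1)
    if printf '%s\n' "$result" | grep -q 'Response verify OK' &&
       printf '%s\n' "$result" | grep -q ': good'; then
        mv "$tmp" "$out"       # atomic replace of the live staple
        return 0
    fi
    rm -f "$tmp"
    echo "refresh_staple: fetch/verify failed for $cert; previous staple kept" >&2
    return 1
}

# Run from cron a few times a day (placeholder paths):
#   refresh_staple /usr/local/etc/ssl/web.crt /usr/local/etc/ssl/chain.pem \
#                  /usr/local/etc/ssl/web.ocsp.der
# Matching lighttpd directive (placeholder path), per the Docs_SSL wiki:
#   ssl.stapling-file = "/usr/local/etc/ssl/web.ocsp.der"
```

Run the refresh well before the response's nextUpdate time, and alert on repeated failures: once the previous staple expires, a must-staple site goes dark in browsers that enforce the extension, which is the failure mode this thread is about.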

Title: Re: OCSP stapling still impossible for lighttpd?
Post by: meyergru on December 13, 2024, 11:17:28 PM
I just closed the feature request...