Currently, we use /usr/local/share/certs/ocsp-ca-certs.pem in the nginx configuration for OCSP.
On Dwellers, it doesn't contain the URL for new Let's Encrypt certificates.
Dwellers
$ nginx -t
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/srv/letsencrypt/etc/live/dwellers.nasqueron.org/fullchain.pem"
[…]
The documentation states that the chain of root + intermediate certificates should be used for that parameter, i.e. chain.pem for Let's Encrypt.
We can have several chains, for example 2 on Dwellers:
Dwellers
$ sha256sum */chain.pem
15253b25997290a8bef2bffb60b7fae536a8832f7ed96f15bdc5878da5dffeea  airflow.nasqueron.org/chain.pem
15253b25997290a8bef2bffb60b7fae536a8832f7ed96f15bdc5878da5dffeea  artifacts.nasqueron.org/chain.pem
15253b25997290a8bef2bffb60b7fae536a8832f7ed96f15bdc5878da5dffeea  bugzilla.espace-win.org/chain.pem
13bab0b4e1fcd7715ee6d988b6728fb8991b8d23c032869575299a96b4a2c572  dwellers.nasqueron.org/chain.pem
15253b25997290a8bef2bffb60b7fae536a8832f7ed96f15bdc5878da5dffeea  forms.nasqueron.org/chain.pem
15253b25997290a8bef2bffb60b7fae536a8832f7ed96f15bdc5878da5dffeea  jenkins.test.nasqueron.org/chain.pem
13bab0b4e1fcd7715ee6d988b6728fb8991b8d23c032869575299a96b4a2c572  notifications.integration.nasqueron.org/chain.pem
13bab0b4e1fcd7715ee6d988b6728fb8991b8d23c032869575299a96b4a2c572  orange-rabbit.integration.nasqueron.org/chain.pem
13bab0b4e1fcd7715ee6d988b6728fb8991b8d23c032869575299a96b4a2c572  vault-notifications.integration.nasqueron.org/chain.pem
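As an added example (not part of the original task, nor Nasqueron's own tooling), the script below groups the chain.pem files by digest, as the sha256sum listing above does by eye, and writes each distinct chain once into a single bundle. It assumes the OCSP file should hold every distinct chain in use; the function names and the paths passed to it are hypothetical.

```shell
#!/bin/sh
# Added example: deduplicate Let's Encrypt chain.pem files and build one bundle.

# list_distinct_chains LIVE_DIR
# Prints "<sha256> <count> <first path>" for every distinct chain.pem,
# where LIVE_DIR is a certbot-style live/ directory (one subdirectory per name).
list_distinct_chains() {
    live_dir=$1
    (cd "$live_dir" && sha256sum */chain.pem) |
        awk '{ count[$1]++; if (!($1 in first)) first[$1] = $2 }
             END { for (h in count) print h, count[h], first[h] }' |
        sort
}

# build_ocsp_bundle LIVE_DIR OUTPUT
# Concatenates one copy of each distinct chain into OUTPUT.
# The file is written to a temporary name first and renamed into place,
# so nginx never reads a half-written bundle.
build_ocsp_bundle() {
    live_dir=$1
    output=$2
    tmp=$(mktemp "${output}.XXXXXX") || return 1
    list_distinct_chains "$live_dir" | while read -r _hash _count path; do
        cat "$live_dir/$path" || exit 1
    done > "$tmp" || { rm -f "$tmp"; return 1; }
    # Refuse to install an empty bundle (no chain.pem found).
    [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$output"
}

# Run as: script LIVE_DIR OUTPUT
if [ "$#" -eq 2 ]; then
    list_distinct_chains "$1"
    build_ocsp_bundle "$1" "$2"
fi
```

Two distinct chains may still share a certificate; duplicate entries in a PEM bundle are harmless, so the script does not split chains into individual certificates.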
References: