Additionally we’ve improved the OCSP cache warming for the let’s encrypt certificates. Right after reloading or restarting NGINX, Firefox users could get an error message because the OCSP response from the CA was not (yet) included in the webservers response. The OCSP response indicates to the browser that the certificate served by the webserver is still considered valid by the CA and has not been revoked. Providing the OCSP response is more secure, faster and more efficient since the browser does not have to ask the CA to validate the certificate. We now warm the OCSP cache directly after reloading or restarting Nginx to work around this issue.