OCSP stapling and fallback certificate

[kapouer]

Hi,

• allow_domain returns false when domain ends with a specific wildcard domain
• fallback certificate is set to that wildcard domain (and works)
• ocsp stapling is on, verify is on, resolver is set

When i don't set ocsp stapling on, auto-ssl allowed domains have ocsp stapling working all right.
If i set it on in global nginx config for ssl, only the wildcard fallback domain will get ocsp stapling,
and auto-ssl allowed domains stop having it enabled as soon as the wildcard domain is requested.

To be clear:

• if i request a auto-ssl managed domain first, ocsp stapling response is returned
• if i request a auto-ssl managed domain second, ocsp stapling response is not returned

I suppose this is a bug, because it appears at runtime.

[kapouer]

It's as if as soon as nginx ocsp stapling kicks in, it writes all ocsp responses, ignoring the ones already set by auto-ssl.

[kapouer]

SO it's an nginx bug. I suppose it could be worked around if it was possible to configure (in request_domain or in allow_domain) where to load the pem files from, thus making fallbacks good citizens w.r.t. ocsp and maybe also a simple step toward #97.

[kapouer]

Closed by #141