Recent answers to MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING caused by ocsp must staple, SSL labs says stapling is OKhttps://support.mozilla.org/en-US/questions/12904782020-10-16T01:37:39-07:00Strange. Posted a comment earlier. And it's a No-Show. Re-edited this comment.
This is still the 2020-10-16T01:37:39-07:00s.egberthttps://support.mozilla.org/en-US/questions/1290478#answer-1358606<p>Strange. Posted a comment earlier. And it's a No-Show. Re-edited this comment.
</p><p>This is still the exact problem with LetsEncrypt, Firefox 81.0.2.
</p><p>The setting `security.ssl.enable_ocsp_must_staple preference` is no longer working in `True` or `False.
</p><p>Try <a href="https://egbert.net/" rel="nofollow">https://egbert.net/</a>
</p>Still a problem with LetsEncrypt, lighttpd web server, and latest Firefox as well as Firefox 81.0.2.2020-10-16T01:36:49-07:00s.egberthttps://support.mozilla.org/en-US/questions/1290478#answer-1358605<p>Still a problem with LetsEncrypt, lighttpd web server, and latest Firefox as well as Firefox 81.0.2.
</p><p>Try this: <a href="https://egbert.net/" rel="nofollow">https://egbert.net/</a>
</p>Shashank Shekhar said
This rare error message seems to mean there is a problem with the server's OC2020-06-10T00:47:51-07:00cuboxhttps://support.mozilla.org/en-US/questions/1290478#answer-1322467<em><p>Shashank Shekhar <a href="#answer-1322333" rel="nofollow">said</a></p></em>
<blockquote>
This rare error message seems to mean there is a problem with the server's OCSP response: OCSP "stapling" -- inclusion of the verification of the non-revocation of the server's certificate -- is required but not provided.
When I load https://cubox.dev directly I don't get an error.
Are you using a proxy? There was a reference on another site to an issue using Zscaler on that site: <a href="https://access.redhat.com/discussions/2408091" rel="nofollow">https://access.redhat.com/discussions/2408091</a> (June 30, 2016).
Does it make any difference if you toggle this setting:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste ocsp and pause while the list is filtered
(3) Double-click the security.ssl.enable_ocsp_must_staple preference to switch the value from true to false
Then try the site again, bypassing the cache (e.g., Ctrl+Shift+r when you reload). Any difference?
</blockquote>
<p>As I mentionned above, I disabled the "must staple" from my server in order to let firefox users access the site. I'll enable it back so you can test the website again.
</p><p>I am not using a proxy.
</p><p>As I mentionned in my initial message (but it was not really clear), disabling the security.ssl.enable_ocsp_must_staple flag does fix this issue. But this cannot be a fix, since I cannot ask every user to do this.
</p>This rare error message seems to mean there is a problem with the server's OCSP response: OCSP "stap2020-06-09T15:44:03-07:00mbox.shashankhttps://support.mozilla.org/en-US/questions/1290478#answer-1322333<p>This rare error message seems to mean there is a problem with the server's OCSP response: OCSP "stapling" -- inclusion of the verification of the non-revocation of the server's certificate -- is required but not provided.
</p><p>When I load https://cubox.dev directly I don't get an error.
</p><p>Are you using a proxy? There was a reference on another site to an issue using Zscaler on that site: <a href="https://access.redhat.com/discussions/2408091" rel="nofollow">https://access.redhat.com/discussions/2408091</a> (June 30, 2016).
</p><p>Does it make any difference if you toggle this setting:
</p><p>(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
</p><p>(2) In the search box above the list, type or paste ocsp and pause while the list is filtered
</p><p>(3) Double-click the security.ssl.enable_ocsp_must_staple preference to switch the value from true to false
</p><p>Then try the site again, bypassing the cache (e.g., Ctrl+Shift+r when you reload). Any difference?
</p>I'm gonna disable must stapling on my server to fix the issue. I'll bring it back if someone wanna t2020-06-09T08:33:59-07:00cuboxhttps://support.mozilla.org/en-US/questions/1290478#answer-1322238<p>I'm gonna disable must stapling on my server to fix the issue. I'll bring it back if someone wanna test it. Or give me the commands to run (openssl) and I'll get you the info
</p>