Webinoly is just the perfect tool for NGINX experts. Give it a try!
0 votes
102 views
by Rookie

I noticed the site I am developing with webinoly/wordpress sometimes fails to load on the Android Firefox browser. It will load successfully after refreshing and then loads fine again after. It usually happens when I first load the site after not loading it for a few days. 

The https://webinoly.com/ site gives the same error except that it does not load successfully upon upon refresh. The Windows Firefox browser is also giving this same error on https://webinoly.com/.

Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

I am not sure if this is related to the same problem I am having or not. My site only fails to load intermittently and only on the Android Firefox browser. https://webinoly.com fails to load every time on both Android and Windows Firefox browsers. Both sites load fine in other browsers.

Any idea about this?

by Rookie
After doing some more tests I found that the problem with my site failing to load on the Android Firefox happens when the site is loaded for the first time after restarting NGINX.

Steps to reproduce:

1. Restart nginx service

2. Try to load my site with Android Firefox browser.

3. Get secure connection failed error (MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING).

4. Refresh the page.

5. Site loads. Now everything works normally until nginx service is restarted again.

The problem I am having sounds very similar to this one:

https://community.letsencrypt.org/t/ocsp-stapling-issue-with-nginx/119238

I'm not sure if it's the same problem affecting the https://webinoly.com site or not. That is still not loading at all on Firefox (Android and Chrome) even with multiple page refreshes.

1 Answer

0 votes
by Rookie
edited by

I’m seeing the exact same issues... the sites load (both cases) by changing the security.ssl.enable_ocsp_must_staple from true to false in the firefox config. So it is a ocsp stapling issue. 

What I have read is that OCSP Must-Staple is problematic (adds latency and OCSP servers are not very reliable) and also only Firefox cares about it... in nginx it could be disabled with ssl_stapling and ssl_stapling_verify in the SSL virtual hosts files, right?... Could it be that having it dissabled is the default config from Webinoly?

by Rookie

https://webinoly.com/ is now loading on Firefox, but websites still fail to load at the first attempt after reloading nginx... 

Welcome to the Community site for Webinoly.

Our Optimized LEMP Web Server is a powerful set of commands for doing just about anything you could wish.

With Webinoly you can set up your NGINX web server in just one step.

* * * * * * *

To report a bug, please create a new issue on GitHub or ask a question here with the bug tag.
Webinoly Support Paypal Donations

PayPal · GitHub Sponsors · Bitcoin

It is very important that any visitor to the site read the disclaimer, terms of use and privacy and legal statement before start browsing.

...