The OCSP Server has no status for the certificate...

When trying to access a newly created domain over https, my Firefox browser reported to me:

An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: secerrorocspunknowncert)

Well, OCSP means Online Certificate Status Protocol and is a way to verify the status of X.509 certificates. OCSP Stapling is an alternative approach where the OCSP response is appended (stapled) to the TLS handshake.

Firefox expects the stapled OCSP response and baulks at its absence; Chromium doesn't, though. To work around the issue in Firefox, change a setting:

  • browse to about:config to see the Firefox settings.
  • search for security.ssl.enable_ocsp_stapling
  • change the value from true to false

Allow for a propagation delay after creating a new certificate and DNS entries for a new domain. Try re-enabling the setting after a few hours.