OCSP Stapling Problem

### Issue Details

Hi!

I use Google PKI with 2 Day Certificates. But Caddy refuses to use them for OCSP stapling because caddy argues that the Certificates are invalid because the OCSP response is longer valid then the Certificate itself.

```
2025/12/02 21:36:52.787 WARN    tls     stapling OCSP   {"error": "invalid: OCSP response for [] valid after certificate expiration (-119h3m9s)", "identifiers": [""]}
```

Is this intentional because CAB / Chrome / Firefox does not allow this or is Caddy too restrict here? 

### Assistance Disclosure

AI not used

### If AI was used, describe the extent to which it was used.

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

OCSP Stapling Problem #7377

Issue Details

Assistance Disclosure

If AI was used, describe the extent to which it was used.

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

OCSP Stapling Problem #7377

Description

Issue Details

Assistance Disclosure

If AI was used, describe the extent to which it was used.

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions