openlitespeed
OLS doesn't renew OCSP response with certbot
Certbot uses symlinks to /etc/letsencrypt/archive/domain/ instead of replacing the file in /etc/letsencrypt/live/domain/. OLS doesn't check for changes in the symlink and staples the OCSP response for the older cert along with the new cert, so Firefox throws a certificate error and blocks the connection.
Steps to recreate:
Use certbot for SSL
Visit the site (it works normally)
Renew SSL
Restart OLS
Visit the site again in Firefox (it won't work)
Proposed solution: As OLS checks for changes to get a new cached OCSP response, it should also check whether the cert/key in the vhost is a symlink and, if it is, check for a change in the link target and get a new response to staple.
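The check the proposed solution describes, written out as an added example (this is illustration code, not OpenLiteSpeed's or certbot's own). It reproduces certbot's layout in a temporary directory with placeholder files (live/example.com/fullchain.pem is a symlink into archive/example.com/), performs a renewal by re-pointing the symlink, and shows a watcher that keys on the resolved target path plus the target's inode and mtime, so a swapped link is noticed and a fresh OCSP response would be fetched. The CertWatcher and cert_identity names are invented for the example; nothing here talks to an OCSP responder.

```python
"""Detecting a certbot renewal hidden behind a symlink (added example)."""
import os
import tempfile
from pathlib import Path


def cert_identity(path):
    """Identify the file that is *currently* behind `path`.

    realpath() follows the link, so a re-pointed symlink yields a new
    target path; inode and mtime also catch the target being rewritten
    in place. Raises FileNotFoundError if the link dangles.
    """
    target = os.path.realpath(path)
    st = os.stat(target)
    return (target, st.st_ino, st.st_mtime_ns)


class CertWatcher:
    """Remembers what a vhost's cert path resolved to at the last OCSP fetch.

    Hypothetical stand-in for the change check OLS would run before
    deciding whether its cached OCSP response is still for the served cert.
    """

    def __init__(self, cert_path):
        self.cert_path = cert_path
        self.seen = cert_identity(cert_path)

    def needs_new_ocsp_response(self):
        """True when the file behind the configured path changed; the caller
        should then refetch and re-staple instead of reusing the cache."""
        current = cert_identity(self.cert_path)
        if current != self.seen:
            self.seen = current
            return True
        return False


def simulate_certbot_renewal(root):
    """Build a constructed certbot-like tree under `root` and renew once.

    Returns (changed_before_renewal, changed_after_renewal). The .pem
    contents are placeholders, not real certificates.
    """
    root = Path(root)
    archive = root / "archive" / "example.com"
    live = root / "live" / "example.com"
    archive.mkdir(parents=True)
    live.mkdir(parents=True)
    rel_archive = Path("..") / ".." / "archive" / "example.com"

    # Initial issuance: archive file #1, live symlink pointing at it.
    (archive / "fullchain1.pem").write_text("-- constructed cert #1 --\n")
    link = live / "fullchain.pem"
    link.symlink_to(rel_archive / "fullchain1.pem")

    watcher = CertWatcher(str(link))
    before = watcher.needs_new_ocsp_response()  # nothing renewed yet

    # certbot renew: new archive file, symlink swapped to point at it.
    # The path OLS has in its vhost config never changes; only the target does.
    (archive / "fullchain2.pem").write_text("-- constructed cert #2 --\n")
    link.unlink()
    link.symlink_to(rel_archive / "fullchain2.pem")
    after = watcher.needs_new_ocsp_response()
    return (before, after)


def run_demo():
    """Run the simulation in a throwaway directory; expected (False, True)."""
    with tempfile.TemporaryDirectory() as d:
        return simulate_certbot_renewal(d)


if __name__ == "__main__":
    print(run_demo())
```

On a live server the same mismatch can be confirmed from the outside with `openssl s_client -connect host:443 -servername host -status </dev/null`: the "OCSP Response Data" section names the certificate serial the response covers, and it should equal the serial of the leaf certificate printed for the connection; if it does not, the staple is stale and browsers that validate the staple strictly will refuse the connection.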