You need fullchain.pem for trust chain of the browser, while ssl_trusted_certificate is mandatory for OCSP. Add it and check if OCSP is working, you may not get immediate response, so you have to nginx "prime" it first, but it should be working for all subsequent requests
2 Likes