diff --git a/data/hooks/conf_regen/15-nginx b/data/hooks/conf_regen/15-nginx
index 1aafcbfa2..461c10c0c 100755
--- a/data/hooks/conf_regen/15-nginx
+++ b/data/hooks/conf_regen/15-nginx
@@ -2,6 +2,8 @@ set -e
+. /usr/share/yunohost/helpers.d/utils
+
 do_init_regen() {
 if [[ $EUID -ne 0 ]]; then
 echo "You must be root to run this script" 1>&2
@@ -42,18 +44,18 @@ do_pre_regen() {
 mkdir -p "$mail_autoconfig_dir"
 # NGINX server configuration
- cat server.tpl.conf \
- | sed "s/{{ domain }}/${domain}/g" \
- > "${nginx_conf_dir}/${domain}.conf"
-
- cat autoconfig.tpl.xml \
- | sed "s/{{ domain }}/${domain}/g" \
- > "${mail_autoconfig_dir}/config-v1.1.xml"
+ export domain
+ export domain_cert_ca=$(yunohost domain cert-status $domain --json \
+ | jq ".certificates.\"$domain\".CA_type" \
+ | tr -d '"')
+ ynh_render_template "server.tpl.conf" "${nginx_conf_dir}/${domain}.conf"
+ ynh_render_template "autoconfig.tpl.xml" "${mail_autoconfig_dir}/config-v1.1.xml"
 [[ $main_domain != $domain ]] \
 && touch "${domain_conf_dir}/yunohost_local.conf" \
 || cp yunohost_local.conf "${domain_conf_dir}/yunohost_local.conf"
+
 done
 # remove old domain conf files
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 78909e3f6..bf2f36cb7 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -68,6 +68,15 @@ server {
 add_header X-Permitted-Cross-Domain-Policies none;
 add_header X-Frame-Options "SAMEORIGIN";
+ {% if domain_cert_ca == "Let's Encrypt" %}
+ # OCSP settings
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
+ resolver 127.0.0.1 127.0.1.1 valid=300s;
+ resolver_timeout 5s;
+ {% endif %}
+
 access_by_lua_file /usr/share/ssowat/access.lua;
 include conf.d/{{ domain }}.d/*.conf;
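Review bot: `export domain_cert_ca=$(...)` in the `do_pre_regen` hunk masks the pipeline's exit status (the assignment returns the status of `export`), so under the script's `set -e` a failing `yunohost domain cert-status` does not abort the regen; `domain_cert_ca` is silently empty and the template is rendered without the OCSP block, which is a quiet downgrade rather than an error. `$domain` is also expanded unquoted on the command line and spliced into the jq filter text as `.certificates.\"$domain\".CA_type`, so a value containing a quote or backslash would alter the filter instead of being looked up, even if domain names are validated upstream (not visible here). Both are addressed by separating the assignment from the export and passing the name as a jq variable, which also makes the `tr -d '"'` step unnecessary: `domain_cert_ca=$(yunohost domain cert-status "$domain" --json | jq -r --arg d "$domain" '.certificates[$d].CA_type')` followed by `export domain_cert_ca`. If the degraded "no stapling" outcome on lookup failure is intended, say so next to the assignment, e.g. `# empty/unknown CA_type => template omits OCSP stapling`. The enclosing `for` loop over domains starts before this hunk.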
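Review bot: `ssl_stapling_verify on` makes nginx validate the OCSP response against the chain in `ssl_trusted_certificate`, so `/etc/yunohost/certs/{{ domain }}/crt.pem` must contain the issuing intermediate(s) and not only the leaf certificate; if it is leaf-only, verification fails and nginx simply serves no staple, with a warning in the error log as the only symptom. The page does not show what `crt.pem` holds, so this should be confirmed and recorded in the block, e.g. replace `# OCSP settings` with `# OCSP stapling: crt.pem must include the issuer chain, otherwise ssl_stapling_verify rejects the response and no staple is served`. The hard-coded `resolver 127.0.0.1 127.0.1.1` degrades the same silent way: with no resolver listening there, each OCSP fetch times out after `resolver_timeout 5s` and stapling is effectively off, so a post-regen check that a staple is actually returned (`openssl s_client -connect <host>:443 -status`, `<host>` being the domain just rendered) is worth adding to the deployment checklist. The condition keys on the literal label `"Let's Encrypt"` produced by the `15-nginx` hook, so any change to that CA string disables the block without any error.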