Most browsers currently have the stapling check set to true
e.g. Firefox/Chrome security.ssl.enable_ocsp_stapling = true
As a result, even if the certificate is valid, the browser still throws "SEC_ERROR_OCSP_BAD_SIGNATURE".
cause : stapling is not uncommented in the nginx config file when the certificate is configured.