Environment:
Vercel plan: Hobby
Custom domain: jobjunior.ru and www.jobjunior.ru
Stack: React SPA (static assets hosted on Vercel) + Express API (Serverless Functions)
Issue Description
Clients on restricted networks (notably Russian ISPs) cannot load static assets due to TLS handshake failures. Example error when fetching main.[hash].js:
text
schannel: next InitializeSecurityContext failed:
CRYPT_E_REVOCATION_OFFLINE (0x80092013)
SSL Labs confirms OCSP Stapling is disabled:
Without a stapled OCSP response:
Browsers attempt direct contact with Let’s Encrypt OCSP servers
Many OCSP endpoints are blocked in these regions
TLS handshake aborts, preventing asset loading
Troubleshooting Steps Taken
DNS Configuration
Apex A records: 76.76.21.21 and 76.76.21.22
www CNAME → cname.vercel-dns.com
api CNAME → cname.vercel-dns.com
Verified: No residual AAAA/wildcard records
Connectivity Validation
bash
curl.exe -4 -v JobJunior
Fails with CRYPT_E_REVOCATION_OFFLINE
Support Ticket Opened
Case #00565683 (Submitted via Vercel Dashboard)
Outcome: Received Hobby plan auto-reply with no resolution
Critical Questions
Is OCSP Stapling technically available on the Hobby plan? If yes:
What steps are required to enable it for our domains?
For workarounds:
Are there any configuration-only solutions to force OCSP stapling without upgrading plans?
Would you recommend a self-hosted proxy (e.g., Nginx reverse proxy) to inject OCSP staples?
Broader context:
Have other Hobby users successfully resolved this for Russian/CIS audiences?
Are there known infrastructure limitations preventing OCSP stapling on Hobby?
Requested Action
Please:
Confirm whether OCSP Stapling can be enabled for our Hobby plan domains
Provide implementation guidance or escalate Case #00565683
Share documented alternatives if unavailable
Urgent resolution needed – 30% of our users are affected. We appreciate your swift assistance.
Respectfully,
Alex