diff --git a/caddy/letsencrypt/letsencrypt.go b/caddy/letsencrypt/letsencrypt.go
index 093a4eb6a..3edd2b927 100644
--- a/caddy/letsencrypt/letsencrypt.go
+++ b/caddy/letsencrypt/letsencrypt.go
@@ -238,6 +238,9 @@ func saveCertsAndKeys(certificates []acme.CertificateResource) error {
 // autoConfigure enables TLS on cfg and appends, if necessary, a new config
 // to allConfigs that redirects plaintext HTTP to its new HTTPS counterpart.
 func autoConfigure(cfg *server.Config, allConfigs []server.Config) []server.Config {
+	bundleBytes, _ := ioutil.ReadFile(storage.SiteCertFile(cfg.Host))
+	ocsp, _ := acme.GetOCSPForCert(bundleBytes)
+	cfg.TLS.OCSPStaple = ocsp
 	cfg.TLS.Certificate = storage.SiteCertFile(cfg.Host)
 	cfg.TLS.Key = storage.SiteKeyFile(cfg.Host)
 	cfg.TLS.Enabled = true
diff --git a/caddy/letsencrypt/renew.go b/caddy/letsencrypt/renew.go
index cd19c24e7..a00eb0154 100644
--- a/caddy/letsencrypt/renew.go
+++ b/caddy/letsencrypt/renew.go
@@ -92,6 +92,7 @@ func processCertificateRenewal(configs []server.Config) (int, []error) {
 		// Renew certificate.
 		// TODO: revokeOld should be an option in the caddyfile
+		// TODO: bundle should be an option in the caddyfile as well :)
 		newCertMeta, err := client.RenewCertificate(certMeta, true, true)
 		if err != nil {
 			time.Sleep(10 * time.Second)
diff --git a/server/config.go b/server/config.go
index dedd7ba37..a3bb5f50d 100644
--- a/server/config.go
+++ b/server/config.go
@@ -56,6 +56,7 @@ type TLSConfig struct {
 	Certificate string
 	Key string
 	LetsEncryptEmail string
+	OCSPStaple []byte
 	Ciphers []uint16
 	ProtocolMinVersion uint16
 	ProtocolMaxVersion uint16
diff --git a/server/server.go b/server/server.go
index 0a4dd4bab..09cdbe58b 100644
--- a/server/server.go
+++ b/server/server.go
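Review bot: Both errors on the three new lines of autoConfigure are discarded, so a failed ioutil.ReadFile hands a nil bundle to acme.GetOCSPForCert, a failed OCSP lookup leaves no log trace, and whatever GetOCSPForCert returns alongside an error is stored as the staple anyway. The staple is also captured once here and, as far as the hunks in this commit show, never refreshed: OCSP responses have a validity window and crypto/tls sends OCSPStaple verbatim, so a response kept past its expiry, or one that belongs to the certificate renew.go has since replaced, is served as-is and may be rejected by clients. Store the staple only when both calls succeed, log the failure otherwise so an operator can see that stapling is off, and consider refreshing it from the renewal loop; the rest of autoConfigure is outside the hunk. The fence below uses the standard log package, which the note assumes this file already imports — substitute whichever logger the file uses.
```go
func autoConfigure(cfg *server.Config, allConfigs []server.Config) []server.Config {
	bundleBytes, err := ioutil.ReadFile(storage.SiteCertFile(cfg.Host))
	if err != nil {
		log.Printf("[WARNING] reading certificate bundle for %s, serving without OCSP staple: %v", cfg.Host, err)
	} else if ocsp, err := acme.GetOCSPForCert(bundleBytes); err != nil {
		log.Printf("[WARNING] OCSP lookup for %s, serving without OCSP staple: %v", cfg.Host, err)
	} else {
		// Served verbatim by crypto/tls; must be refreshed before the response expires.
		cfg.TLS.OCSPStaple = ocsp
	}
	// … unchanged: cfg.TLS.Certificate / Key / Enabled assignments …
```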
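Review bot: The new OCSPStaple field in TLSConfig has no doc comment, and unlike Certificate and Key its meaning is not obvious from the name: it is raw response bytes that are copied straight into tls.Certificate and sent to clients unchanged. Suggest `// OCSPStaple is the raw OCSP response served to clients for Certificate; nil disables stapling.` above the field, plus a sentence stating that whoever populates it is responsible for keeping it valid and matching the current certificate, since nothing downstream checks that.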
@@ -179,6 +179,7 @@ func serveTLSWithSNI(s *Server, ln net.Listener, tlsConfigs []TLSConfig) error {
 	config.Certificates = make([]tls.Certificate, len(tlsConfigs))
 	for i, tlsConfig := range tlsConfigs {
 		config.Certificates[i], err = tls.LoadX509KeyPair(tlsConfig.Certificate, tlsConfig.Key)
+		config.Certificates[i].OCSPStaple = tlsConfig.OCSPStaple
 		if err != nil {
 			return err
 		}
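Review bot: The added line `config.Certificates[i].OCSPStaple = tlsConfig.OCSPStaple` runs before the `err` check on LoadX509KeyPair, so on failure it writes into a zero-valued certificate that the function is about to abandon; move it below the `if err != nil { return err }` block so the happy path reads in order. crypto/tls serves OCSPStaple exactly as given, without checking that it is signed by the issuer, unexpired, or issued for this leaf, so a short comment here, `// Served verbatim; the config producer must keep this current and matching the leaf.`, would record where that responsibility lies. serveTLSWithSNI's body continues outside the hunk.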