The -header option changed syntax in OpenSSL 1.1.0. For backwards compatibility with previous versions we probably need to check the OpenSSL version somehow. Not sure how best to do that in the context of this script
more info: https://github.com/nghttp2/nghttp2/pull/743
Introduces a new option to allow to skip haproxy reload. This
is useful for the initial run when haproxy is not yet started.
You want to do this to make sure OCSP stapling works from the
get-go on a newly provisioned machine.
Reload haproxy instead of using the socket when a .ocsp file was
not previously present. Makes it work if the ocsp file somehow
disappeared or not yet present. This makes it more robust, because
the socket interface fails when the .ocsp was not previously loaded.