How to disable OCSP stapling?
-
My Cloudron instance keeps crashing and my openid also crashes when trying to login into my apps.
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate
Any way to fix that?
This could be the culprit:
This issue is particularly prevalent with certificates issued by Let's Encrypt. As of May 7, 2025, Let's Encrypt stopped including OCSP URLs in new certificates. Consequently, any certificate issued after this date will lack the necessary OCSP URL, causing the warning to appear in the server logs. The OCSP responders for Let's Encrypt were scheduled to be turned off entirely on August 6, 2025. Therefore, for certificates issued after May 7, 2025, OCSP stapling is no longer a viable option.
-
B BetaBreak referenced this topic on
-
@BetaBreak Thanks for the reminder. I read that announcement and summarized it here - https://forum.cloudron.io/topic/4917/ocsp-stapling-for-tls-ssl/7 . We will remove the stapling config in our code entirely , that way the warnings will go away.
-
@BetaBreak Thanks for the reminder. I read that announcement and summarized it here - https://forum.cloudron.io/topic/4917/ocsp-stapling-for-tls-ssl/7 . We will remove the stapling config in our code entirely , that way the warnings will go away.
-
G girish has marked this topic as solved on
-
G girish referenced this topic on
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login