How to disable OCSP stapling?

BetaBreak

My Cloudron instance keeps crashing and my openid also crashes when trying to login into my apps.

nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate

Any way to fix that?

This could be the culprit:

This issue is particularly prevalent with certificates issued by Let's Encrypt. As of May 7, 2025, Let's Encrypt stopped including OCSP URLs in new certificates. Consequently, any certificate issued after this date will lack the necessary OCSP URL, causing the warning to appear in the server logs. The OCSP responders for Let's Encrypt were scheduled to be turned off entirely on August 6, 2025. Therefore, for certificates issued after May 7, 2025, OCSP stapling is no longer a viable option.

BetaBreak

Fixed by grep -r "ssl_stapling" /etc/nginx/ and manually commenting out # ssl_stapling on; and # ssl_stapling on; > Reinstalling domain (location) in dashboard also works...

girish

@BetaBreak Thanks for the reminder. I read that announcement and summarized it here - https://forum.cloudron.io/topic/4917/ocsp-stapling-for-tls-ssl/7 . We will remove the stapling config in our code entirely , that way the warnings will go away.

BetaBreak

@girish it seems to be that the ssl certs are not the cause of my openid / dashboard crashes. I can't find anything else in the logs..

girish

Fixed here - https://git.cloudron.io/platform/box/-/commit/ac7001b96e176e540ede9bb81e3fcb17ae7f6416