How to resolve "ssl_stapling" ignored, no OCSP responder URL in the certificate error

LetsEncrypt announced in December 2024, that they would be ending support for SSL Stapling.

The timeline for this was given as :

  • January 30, 2025
  •     OCSP Must-Staple requests will fail, unless the requesting account has previously issued a certificate containing the OCSP Must Staple extension
    
  • May 7, 2025
    
  •     Prior to this date we will have added CRL URLs to certificates
    
  •     On this date we will drop OCSP URLs from certificates
    
  •     On this date all requests including the OCSP Must Staple extension will fail
    
  • August 6, 2025
    
  •     On this date we will turn off our OCSP responders
    

The error I was receiving in the /var/log/nginx/error.log, when nginx was restarted was:

"ssl_stapling" ignored, no OCSP responder URL in the certificate

The fix for this is easy. Open /etc/nginx/conf.d/ssl.conf in your favorite editor and comment out the following lines:

#ssl_stapling on;
#ssl_stapling_verify on;

Save the file, and

systemctl restart nginx

Should get you back up and running.

1 Like