Symptoms
- Nginx test command reports the following error:
# nginx -t
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/usr/local/psa/var/certificates/scfh9k6g9bc9ao67tuaZNv"
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Cause
The OCSP stapling is enabled for the Let`s Encrypt certificate.
Since May 7, 2025, Let`s Encrypt has removed the OCSP URL from the certificates.
See more information here.
On the Plesk side, created the bug with ID EXTSSLIT-2188. It will be fixed in the future Plesk updates.
Resolution
Until the bug is fixed, as a workaround, manually disable the OCSP stapling.
For one domain via the Plesk UI.
Go to Domains > example.com > SSL\TLS Certificates and disable the OCSP stapling:
For one domain via the CLI:
# plesk ext sslit --ocsp-stapling -disable -domain example.com
For all domains via the CLI:
# plesk bin site -l | while read i; do plesk ext sslit --ocsp-stapling -disable -domain $i; done
Comments
0 comments
Please sign in to leave a comment.