Articles in this section

Nginx test reports warning: nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate

Sergey Senko
Updated
Plesk for Linux kb: technical ext: sslit ssl

Symptoms

  • Nginx test command reports the following error:

    # nginx -t
    nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/usr/local/psa/var/certificates/scfh9k6g9bc9ao67tuaZNv"
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

Cause

The OCSP stapling is enabled for the Let`s Encrypt certificate. 
Since May 7, 2025, Let`s Encrypt has removed the OCSP URL from the certificates.
See more information here.

On the Plesk side we have implemented a feature with EXTSSLIT-2188 to automatically disable OCSP Stapling.

Resolution

Please consider updating your server:

Workaround

If update is not possible for some reason you may try the following

workaround

For one domain via the CLI:

# plesk ext sslit --ocsp-stapling -disable -domain example.com

For all domains via the CLI:

# plesk bin site -l | while read i; do plesk ext sslit --ocsp-stapling -disable -domain $i; done

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.