ssl_stapling ignored: OCSP responder missing with Let's Encrypt certs #40

New Issue

MrUnknownDE · 2026-04-05T20:25:20+02:00

MrUnknownDE commented

2026-04-05 20:25:20 +02:00

Originally created by @Tealk on 10/12/2025

CloudPanel version(s) affected

v2.5.2

Description

When using Let's Encrypt certificates with Nginx via CloudPanel, enabling ssl_stapling triggers a warning:

nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate ...

This seems to be caused by CloudPanel's way of linking certificates, which may not include the full certificate chain needed for OCSP stapling.

How to reproduce

Issue a Let's Encrypt certificate through CloudPanel.
Test config nginx -t.

Possible Solution

Ensure that CloudPanel uses the full certificate chain (fullchain.pem) in the Nginx configuration instead of only the server certificate. This should provide the OCSP responder URL required for stapling.

Additional Context

No response

*Originally created by @Tealk on 10/12/2025* ### CloudPanel version(s) affected v2.5.2 ### Description When using Let's Encrypt certificates with Nginx via CloudPanel, enabling `ssl_stapling` triggers a warning: ``` nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate ... ``` This seems to be caused by CloudPanel's way of linking certificates, which may not include the full certificate chain needed for OCSP stapling. ### How to reproduce 1. Issue a Let's Encrypt certificate through CloudPanel. 2. Test config `nginx -t`. ### Possible Solution Ensure that CloudPanel uses the full certificate chain (`fullchain.pem`) in the Nginx configuration instead of only the server certificate. This should provide the OCSP responder URL required for stapling. ### Additional Context _No response_

MrUnknownDE closed this issue

2026-04-05 20:25:20 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/cloudpanel-ce#40