From d56e33944351e1a84137ad9cf034c1e15bc5ebdc Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Tue, 28 Jan 2025 01:41:31 +0100
Subject: [PATCH] CT Nginx: Disable OCSP/ssl_stapling by default

Disableing this due to LE dropping support for it on May 7th, 2025
---
 CT-Files/nginx/Configs/nginx.conf   | 2 --
 CT-Files/nginx/Scripts/AddDomain.sh | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/CT-Files/nginx/Configs/nginx.conf b/CT-Files/nginx/Configs/nginx.conf
index 9585809..07d3b0d 100644
--- a/CT-Files/nginx/Configs/nginx.conf
+++ b/CT-Files/nginx/Configs/nginx.conf
@@ -37,8 +37,6 @@ http {
     ssl_ecdh_curve secp384r1;
     ssl_session_cache shared:le_nginx_SSL:1m;
     ssl_session_timeout 1440m;
-    ssl_stapling on;
-    ssl_stapling_verify on;
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
diff --git a/CT-Files/nginx/Scripts/AddDomain.sh b/CT-Files/nginx/Scripts/AddDomain.sh
index 97fe2f6..bfe065d 100644
--- a/CT-Files/nginx/Scripts/AddDomain.sh
+++ b/CT-Files/nginx/Scripts/AddDomain.sh
@@ -64,7 +64,7 @@ if $request; then
     service nginx reload
     #Enabling SSL
-    /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --nginx --ocsp --keylength 'ec-384' -d "$domain"
+    /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --nginx --keylength 'ec-384' -d "$domain"
     certsatus=$?
     if test $certsatus -eq 0
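Review bot: Deleting `ssl_stapling on;` and `ssl_stapling_verify on;` outright leaves the TLS block with no record of why stapling is absent, so a later maintainer may re-add it and get stapling failures once the CA's OCSP responder is gone. Prefer an explicit, commented setting in place of the two removed lines: `# OCSP stapling intentionally off: Let's Encrypt ends OCSP support on May 7th, 2025` followed by `ssl_stapling off;`. If the config also carries an `ssl_trusted_certificate` directive that existed only for stapling verification (not visible in this hunk), it belongs in the same change. Be aware that clients now receive no stapled revocation status for these certificates, so short certificate lifetimes and timely renewal become the effective revocation control.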