CT Nginx: Disable OCSP/ssl_stapling by default

Disableing this due to LE dropping support for it on May 7th, 2025
2025-01-28 01:41:31 +01:00
parent ea801f672f
commit d56e339443
2 changed files with 1 additions and 3 deletions
--- a/CT-Files/nginx/Configs/nginx.conf
+++ b/CT-Files/nginx/Configs/nginx.conf
@@ -37,8 +37,6 @@ http {
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;
-    ssl_stapling on;
-    ssl_stapling_verify on;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
--- a/CT-Files/nginx/Scripts/AddDomain.sh
+++ b/CT-Files/nginx/Scripts/AddDomain.sh
@@ -64,7 +64,7 @@ if $request; then
    service nginx reload

    #Enabling SSL
-    /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --nginx --ocsp --keylength 'ec-384' -d "$domain"
+    /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --nginx --keylength 'ec-384' -d "$domain"
    certsatus=$?
    
    if test $certsatus -eq 0