OCSP 미지원시 Nginx 경고
# nginx -t
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/etc/letsencrypt/live/php79.com/fullchain.pem"
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
원인 - Let's Encrypt OCSP 서비스 종료
https://letsencrypt.org/2025/08/06/ocsp-service-has-reached-end-of-life
기존 사용자용 수작업 조치
grep -E '^ssl_stapling' /etc/letsencrypt/php79/*.conf
# 파일 목록 예시
/etc/letsencrypt/php79/ssl-hosting.conf:ssl_stapling on;
/etc/letsencrypt/php79/ssl-hosting.conf:ssl_stapling_verify on;
/etc/letsencrypt/php79/ssl-modern.conf:ssl_stapling on;
/etc/letsencrypt/php79/ssl-modern.conf:ssl_stapling_verify on;
/etc/letsencrypt/php79/ssl-stable.conf:ssl_stapling on;
/etc/letsencrypt/php79/ssl-stable.conf:ssl_stapling_verify on;
FILES=( `grep -lE '^ssl_stapling' /etc/letsencrypt/php79/*.conf` )
for i in "${FILES[@]}"
do
echo "replace file : ${i}"
sed -i 's/^ssl_stapling/#ssl_stapling/g' "${i}"
done
- ssl_stapling, ssl_stapling_verify 설정이 주석 처리(#)된 것 확인
grep 'ssl_stapling' /etc/letsencrypt/php79/*.conf
nginx -t && systemctl restart nginx
업데이트시 반영
OCSP 미지원시 Nginx 경고
원인 - Let's Encrypt OCSP 서비스 종료
https://letsencrypt.org/2025/08/06/ocsp-service-has-reached-end-of-life
기존 사용자용 수작업 조치
nginx -t && systemctl restart nginx업데이트시 반영