SSL stapling and Let's encrypt certificates
51 views
Skip to first unread message
Massimo S.
Jan 29, 2026, 6:01:46 PMJan 29
to apa...@googlegroups.com
Hi all,
if you find your apache error log full of stuff like this one:
[ssl:error] [pid 96:tid 1] AH02218: ssl_stapling_init_cert: no OCSP URI in certificate and no
SSLStaplingForceURL set [subject: CN=www.yourebsite.com / issuer: CN=R13,O=Let's Encrypt,C=US / serial: ...
or
[Tue Jan 27 23:49:58.893000 2026] [ssl:error] [pid 96:tid 1] AH02604: Unable to configure certificate
www.yourwebsiste.com:443:0 for stapling
You have to disable SSL stapling since LE has stopped supporting SSL stapling,
it's sufficient to add this string to your httpd.conf:
SSLUseStapling off
"Let’s Encrypt will be removing OCSP URLs from certificates on May 7, 2025 as part of our plan to drop OCSP
support and instead support certificate revocation information exclusively via CRLs."
https://community.letsencrypt.org/t/removing-ocsp-urls-from-certificates/236699
massimo
if you find your apache error log full of stuff like this one:
[ssl:error] [pid 96:tid 1] AH02218: ssl_stapling_init_cert: no OCSP URI in certificate and no
SSLStaplingForceURL set [subject: CN=www.yourebsite.com / issuer: CN=R13,O=Let's Encrypt,C=US / serial: ...
or
[Tue Jan 27 23:49:58.893000 2026] [ssl:error] [pid 96:tid 1] AH02604: Unable to configure certificate
www.yourwebsiste.com:443:0 for stapling
You have to disable SSL stapling since LE has stopped supporting SSL stapling,
it's sufficient to add this string to your httpd.conf:
SSLUseStapling off
"Let’s Encrypt will be removing OCSP URLs from certificates on May 7, 2025 as part of our plan to drop OCSP
support and instead support certificate revocation information exclusively via CRLs."
https://community.letsencrypt.org/t/removing-ocsp-urls-from-certificates/236699
massimo
Reply all
Reply to author
Forward
0 new messages