From 831a9dcc486176a5438ff15c81a01a44ff820905 Mon Sep 17 00:00:00 2001
From: nutra-bot <nutradigest@gmail.com>
Date: Thu, 11 Sep 2025 19:36:44 +0000
Subject: [PATCH] OCSP responders disabled by letsencrypt Q3 2025

---
 etc/nginx/conf.d/default.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
index 25526bc..aaccca5 100644
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@@ -138,10 +138,10 @@ server {
 
   # HSTS
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-  # OCSP stapling
-  ssl_stapling on;
-  ssl_stapling_verify on;
   ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
+  # OCSP stapling (NOTE: Responders disabled by letsencrypt as of Q3 2025)
+  #ssl_stapling on;
+  #ssl_stapling_verify on;
 
   # React app (base URL)
   location / {
-- 
2.52.0