From 4c271d92503aa0b66a59df20ec576cc1622bb14c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 6 Aug 2025 13:54:05 +0200
Subject: Nginx: Drop OCSP stapling directives.

Let's Encrypt removed OCSP URLs from certificates on 2025-05-07, see
https://letsencrypt.org/2024/12/05/ending-ocsp .
---
 files/etc/nginx/snippets/ssl.conf | 7 -------
 1 file changed, 7 deletions(-)

(limited to 'files/etc/nginx/snippets')

diff --git a/files/etc/nginx/snippets/ssl.conf b/files/etc/nginx/snippets/ssl.conf
index 0bce30a..b86f5e3 100644
--- a/files/etc/nginx/snippets/ssl.conf
+++ b/files/etc/nginx/snippets/ssl.conf
@@ -7,10 +7,3 @@ ssl_dhparam /etc/ssl/dhparams.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 ssl_prefer_server_ciphers off;
-
-ssl_stapling on;
-ssl_stapling_verify on;
-
-ssl_trusted_certificate /usr/share/lacme/ca-certificates.crt;
-
-resolver 127.0.0.53;
-- 
cgit v1.2.3