Nginx warnings in swag log about "ssl_stapling" ignored

Hello, it is more a FYI than a request for support.

I had my log filled with lots of warnings:

nginx: [warn] “ssl_stapling” ignored, no OCSP responder URL in the certificate “/config/keys/cert.crt”

Apparently Let’s Encrypt dropped OCSP. Not sure what it is.

But commenting out or setting those on off in /swag/config/nginx/ssl.conf solved the warning.

 ssl_stapling on;
 ssl_stapling_verify on;

It didn’t seem to create more problems.

your container logs also tell you that you have configs out of date and if you updated them, it would have also resolved your warning.

There were NO warnings whatsoever about ssl.conf located in /swag/config/nginx

Besides my ssl.conf is dated from 06/12/2024 and it seems to be the latest.

## Version 2024/12/06 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/ssl.conf.sample

### Mozilla Recommendations
# generated 2024-12-06, Mozilla Guideline v5.7, nginx 1.26.2, OpenSSL 3.3.2, intermediate config, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.26.2&config=intermediate&openssl=3.3.2&ocsp=false&guideline=5.7

After comparing its content, I noticed that indeed the OCSP should have been commented out.
But were not in mine.

And apparently they were removed altogether later.

That is about a year old, latest is 05/31/2025, I would ensure you are properly pulling the latest release to ensure it’s checking for out of date configs and ensuring the security of your container

the ssl.conf in the master branch is the 06/12/2024 so does the master branch need to be updated then? or should linuxserver/swag point to the 3.22 branch?

Edit: Looks like removing the master is the plan, so swag should be updated

Actually this appears to be being addressed already:

as noted in the GHI you opened (there is really no need for you to post the same info in multiple places) your confs are outdated and your container logs would tell you this. The ssl_stapling was commented out by default in August of 2022, it was fully removed in November of 2024.

tl;dr this issue only exists for users that do not properly update their container, which is also why very few see this issue.