"ssl_stapling" ignored error (issuer certificate not found)

After booting up a new instance of Nginx and replacing the keys w/ my Cloudflare Origin key/cert details, I’m receiving the following error when starting the container:

nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/config/keys/cert.crt"

Nginx seems to be working as expected, so I’m not sure if I need to actually resolve this issue or if it’s okay to ignore for the time being?

I’m asking our SSL team internally but you can safely ignore this. If you’re putting your origin behind Cloudflare (as implied by you installing the Origin cert form us) we don’t need to see the stapled responses from your origin. So I think you can ignore, and maybe might even want to disable the ssl_stapling feature on your nginx configuration.

1 Like

When I’d first enabled stapling on my Apache server, with Cloudflare origin certificates, I’d gotten a similar message in the Apache error log:

ssl_stapling_init_cert: can’t retrieve issuer certificate!

Configuring the Origin CA root certificate (SSLCertificateChainFile for Apache, and if I recall, ssl_trusted_certificate for Nginx) resolved it. I used the following to check it:

/usr/bin/openssl ocsp -issuer origin_ca_rsa_root.pem -cert origin_certificate.pem -text -url http://ocsp.cloudflare.com/origin_ca

It should return a result of Cert Status: good.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.