From bf8e98e200a02cb9c43943fa98b253cc0baa8e01 Mon Sep 17 00:00:00 2001
From: Sven Schwyn <sven.schwyn@bitcetera.com>
Date: Tue, 12 Aug 2025 16:58:44 +0200
Subject: [PATCH] Remove OCSP stapling by Nginx

---
 core/nginx/conf/nginx.conf        | 2 --
 towncrier/newsfragments/3886.misc | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)
 create mode 100644 towncrier/newsfragments/3886.misc

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 2dba0130..ae250459 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -116,8 +116,6 @@ http {
 {% endif %}
 
       include /etc/nginx/tls.conf;
-      ssl_stapling on;
-      ssl_stapling_verify on;
       ssl_session_cache shared:SSLHTTP:3m;
       add_header Strict-Transport-Security 'max-age=31536000';
 
diff --git a/towncrier/newsfragments/3886.misc b/towncrier/newsfragments/3886.misc
new file mode 100644
index 00000000..e4564145
--- /dev/null
+++ b/towncrier/newsfragments/3886.misc
@@ -0,0 +1 @@
+Remove OCSP stapling by Nginx because Let's Encrypt has dropped OCSP support