handle Let's Encrypt removing OCSP support

We can no longer use OCSP stapling and Must-Staple. These will soon be
obsolete once the `shortlived` profile is available for public use since
it will provide certificates with a similar lifetime as OCSP responses.

In the meantime, we've moved to the `tlsserver` profile stripping legacy
features to prepare for the `shortlived` profile which will be identical
to `tlsserver` but with a validity period of 6 days.
Daniel Micay 2025-05-04 21:43:29 -04:00
parent e64c9b7ea3
commit a2f4e1d8fe

@ -66,11 +66,6 @@ http {
ssl_session_timeout 1d;
ssl_buffer_size 4k;
ssl_trusted_certificate /etc/letsencrypt/live/matrix.grapheneos.org/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_file /var/cache/certbot-ocsp-fetcher/matrix.grapheneos.org.der;
log_format main '$connection-$connection_requests $remote_addr $remote_user $ssl_session_reused $ssl_protocol $server_protocol '
'$host $request_method "$request_uri" $status $request_length $body_bytes_sent/$bytes_sent '
'$request_time $upstream_connect_time/$upstream_header_time/$upstream_response_time '
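Review bot: `ssl_trusted_certificate /etc/letsencrypt/live/matrix.grapheneos.org/chain.pem;` should go out together with the three `ssl_stapling*` lines, and because the rendered hunk has lost its +/- markers it is not clear from these lines that it does. In nginx that directive only supplies CA certificates for verifying client certificates and OCSP responses, so once `ssl_stapling_verify on;` is removed it does nothing unless the server also uses `ssl_verify_client`, and leaving it in keeps an unused dependency on `chain.pem`. The header `-66,11 +66,6` drops five lines, which is consistent with these four directives plus one line not visible here. The `ssl_stapling_file` path also points at a cache under `/var/cache/certbot-ocsp-fetcher/`; whatever job fills that cache, and the Must-Staple request mentioned in the commit message, are not touched in the visible lines and should be retired in the same change so that nothing keeps fetching OCSP responses after the directives that consumed them are gone.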