
nginx: [warn] "ssl_stapling"

Discussion in 'Install & Upgrades or Pre-Install Questions' started by victor, Apr 4, 2023.

  1. victor

    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 130.00beta01 centminmod.com
    • Nginx Version Installed: 1.23.4
    After upgrading Nginx from version 1.23.4 to 1.23.4, I got the following error:
    Code:
    autoprotect.sh run completed skipped nginx reload...
    
    service nginx reload
    Redirecting to /bin/systemctl reload nginx.service
    
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/usr/local/nginx/conf/ssl/algotrade.online/domain2.online-acme-ecc.cer"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/usr/local/nginx/conf/ssl/domain1.online/algotrade.online-acme.cer"
    .....
    
    This error occurred when I added a new domain through #2.
    I was able to solve this problem in the following way:


    Code:
    1. Open / etc / hosts
    2. Add 23 . 32 . 238 . 51 r3 . o . lencr.org

    PS: You need to remove the extra spaces because CloudFlare won't let me publish the above code.
     
  2. eva2000

    What does your /etc/resolv.conf look like?
    Code (Text):
    cat /etc/resolv.conf
    

    i.e.
    Code (Text):
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    
     
  3. victor

    Code:
    cat /etc/resolv.conf
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    
     
  4. eva2000

    Should work then. Are you using OpenSSL 1.1.1 default with Nginx or did you switch to using BoringSSL for Nginx? BoringSSL doesn't support OCSP stapling like OpenSSL.

    What's the output for the command
    Code (Text):
    nginx -V

    Wrap the output in QUOTE tags.
     
  5. victor

    Code:
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/nginx-dep/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/nginx-dep/lib -fuse-ld=gold' --with-cc-opt='-I/usr/local/nginx-dep/include -m64 -march=native -falign-functions=32 -g -O3 -Wno-strict-aliasing -fstack-protector-strong -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wno-pointer-sign -Wimplicit-fallthrough=0 -Wno-missing-profile -Wno-implicit-function-declaration -Wno-int-conversion -Wno-unused-result -Wno-unused-result -Wno-vla-parameter -Wno-stringop-overflow -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wno-vla-parameter -Wno-stringop-overflow -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=030423-183401-centos7-kvm-bc30327-br-6e975bc --with-compat --without-pcre2 --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --add-dynamic-module=../njs/nginx --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5.1 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.62 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.4.0-cmm --add-module=../memc-nginx-module-0.19 --add-module=../srcache-nginx-module-0.32 --add-dynamic-module=../headers-more-nginx-module-0.34 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1t --add-dynamic-module=../ModSecurity-nginx
    
    
    I tried to solve the problem by adding the following settings to custom_config.inc:

    Code:
    # OpenSSL
    NGINX_PRIORITIZECHACHA='n' # https://community.centminmod.com/posts/67042/
    SSL_PROTOCOL_MODERN='y'         # switch Nginx HTTPS to disable TLSv1.0 & TLSv1.1 by default and support TLSv1.2 minimum
    DISABLE_TLSONEZERO_PROTOCOL='n' # disable TLS 1.0 protocol by default industry is moving to deprecate for security
    NOSOURCEOPENSSL='y'        # set to 'y' to disable OpenSSL source compile for system default YUM package setup
    OPENSSL_VERSION='1.1.1t'   # Use this version of OpenSSL http://openssl.org/
    OPENSSL_VERSIONFALLBACK='1.1.1t'   # fallback if OPENSSL_VERSION uses openssl 1.1.x branch
    OPENSSL_VERSION_OLDOVERRIDE='1.1.1t' # override version if persist config OPENSSL_VERSION variable is out of date
    OPENSSL_QUIC_VERSION='OpenSSL_1_1_1t+quic'
    OPENSSL_THREADS='y'        # control whether openssl 1.1 branch uses threading or not
    OPENSSL_TLSONETHREE='y'    # whether OpenSSL 1.1.1 builds enable TLSv1.3
    OPENSSL_CUSTOMPATH='/opt/openssl'  # custom directory path for OpenSSL 1.0.2+
    CLOUDFLARE_PATCHSSL='n'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
    CLOUDFLARE_ZLIB='n'        # use the Cloudflare-optimised zlib fork https://blog.cloudflare.com/cloudflare-fights-cancer/
    CLOUDFLARE_ZLIB_DYNAMIC='y' # compile nginx CF zlib dynamically instead of statically
    CLOUDFLARE_ZLIB_OPENSSL='n' # compile dynamically custom OpenSSL against Cloudflare zlib library
    CLOUDFLARE_ZLIBRESET='y'   # if CLOUDFLARE_ZLIB='n' set, then revert gzip compression level from 9 to 5 automatically
    CLOUDFLARE_ZLIBRAUTOMAX='n' # don't auto raise nginx gzip compression level to 9 if using Cloudflare zlib
    CLOUDFLARE_ZLIBPHP='n'     # use Cloudflare optimised zlib fork for PHP-FPM zlib instead of system zlib
    CLOUDFLARE_ZLIBDEBUG='n'   # make install debug verbose mode
    CLOUDFLARE_ZLIBVER='1.3.0'
    NGINX_DYNAMICTLS='n'          # set 'y' to enable recompiling nginx  https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/
    OPENSSLECDSA_PATCH='n'        # https://community.centminmod.com/posts/57725/
    OPENSSLECDHX_PATCH='n'        # https://community.centminmod.com/posts/57726/
    OPENSSLEQUALCIPHER_PATCH='n'  # https://community.centminmod.com/posts/57916/
    PRIORITIZE_CHACHA_OPENSSL='n' # https://community.centminmod.com/threads/15708/
    


    But it didn't help for some reason.
     
  6. eva2000

    Missing the important part of the nginx -V output.
     
  7. victor

    My apologies for my lack of attention.

    Code:
    nginx version: nginx/1.23.4 (030423-183401-centos7-kvm-bc30327-br-6e975bc)
    built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
    built with OpenSSL 1.1.1t  7 Feb 2023
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/nginx-dep/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/nginx-dep/lib -fuse-ld=gold' --with-cc-opt='-I/usr/local/nginx-dep/include -m64 -march=native -falign-functions=32 -g -O3 -Wno-strict-aliasing -fstack-protector-strong -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wno-pointer-sign -Wimplicit-fallthrough=0 -Wno-missing-profile -Wno-implicit-function-declaration -Wno-int-conversion -Wno-unused-result -Wno-unused-result -Wno-vla-parameter -Wno-stringop-overflow -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wno-vla-parameter -Wno-stringop-overflow -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=030423-183401-centos7-kvm-bc30327-br-6e975bc --with-compat --without-pcre2 --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --add-dynamic-module=../njs/nginx --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5.1 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.62 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.4.0-cmm --add-module=../memc-nginx-module-0.19 --add-module=../srcache-nginx-module-0.32 --add-dynamic-module=../headers-more-nginx-module-0.34 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1t --add-dynamic-module=../ModSecurity-nginx
    
  8. eva2000

    You are using OpenSSL 1.1.1, so it isn't a BoringSSL crypto issue for lack of OCSP stapling support. Are you still having issues without your workaround? Your /etc/resolv.conf should be fine for DNS resolution unless Google DNS has blocked your server?

    Without the /etc/hosts workaround, what do you get for the command
    Code (Text):
    dig A r3.o.lencr.org @8.8.8.8 +short
    

    Example:
    Code (Text):
    dig A r3.o.lencr.org @8.8.8.8 +short
    o.lencr.edgesuite.net.
    a1887.dscq.akamai.net.
    23.1.105.15
    23.1.105.8
    

    Also try a simple server reboot to clear any network issues you may have.
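An added diagnostic that ties the first post and the dig output above together; it is example code, not code from the thread or from Centmin Mod. It pulls the responder host out of the ssl_stapling warnings, checks whether the system resolver (what nginx uses when it loads the config) can resolve it, and flags a hosts-file pin like the one in the first post, since the dig output shows r3.o.lencr.org is a CNAME chain into Akamai whose addresses are not stable. The warning lines, certificate paths and hosts-file entry are constructed samples.

```python
"""Triage nginx 'ssl_stapling ignored, host not found in OCSP responder' warnings.
Added example, not code from the thread or Centmin Mod. nginx resolves the responder
host from the certificate's OCSP URL at config load via the system resolver, so a
failed lookup silently turns stapling off; pinning one CDN address in /etc/hosts
hides that and goes stale when the CDN behind the responder changes address."""
import re
import socket

# Constructed sample of the reload output quoted in the thread (cert paths made up).
_W = 'nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "%s"\n'
SAMPLE_WARNINGS = _W % "/usr/local/nginx/conf/ssl/example.test/a-ecc.cer" + _W % "/usr/local/nginx/conf/ssl/example.test/a-rsa.cer"
# Constructed /etc/hosts with the kind of pin the first post adds (documentation IP, not a real responder address).
SAMPLE_HOSTS = "127.0.0.1 localhost\n203.0.113.10 r3.o.lencr.org # manual OCSP pin\n"
WARN_RE = re.compile(r'host not found in OCSP responder "([^"]+)" in the certificate "([^"]+)"')

def parse_stapling_warnings(text):
    """Map each unresolved OCSP responder host to the certificate paths that reference it."""
    found = {}
    for m in WARN_RE.finditer(text):
        found.setdefault(m.group(1), []).append(m.group(2))
    return found

def pinned_in_hosts(hostname, hosts_text):
    """Return the addresses an /etc/hosts-style file pins for hostname ([] if none)."""
    ips = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and hostname in fields[1:]:
            ips.append(fields[0])
    return ips

def resolves(hostname):
    """True if the system resolver (what nginx uses at config load) can resolve hostname."""
    try:
        socket.getaddrinfo(hostname, 80)
        return True
    except socket.gaierror:
        return False

def diagnose(warnings_text, hosts_text):
    """Per responder host: referencing certs, any hosts-file pin, and the live resolution result."""
    return {h: {"certs": c, "pinned": pinned_in_hosts(h, hosts_text), "resolves": resolves(h)}
            for h, c in parse_stapling_warnings(warnings_text).items()}

if __name__ == "__main__":
    for host, info in diagnose(SAMPLE_WARNINGS, SAMPLE_HOSTS).items():
        state = "resolves" if info["resolves"] else "does NOT resolve: stapling is off"
        pin = f", pinned in hosts file to {info['pinned']} (review: CDN address can change)" if info["pinned"] else ""
        print(f"{host}: {state}{pin}; referenced by {len(info['certs'])} cert(s)")
```

Run it against the real output of `service nginx reload` or `nginx -t` and the real /etc/hosts; a host that resolves only because of a pin is the case to review.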