During last automatic renewal for a domain I manage, I got a warning:
Cannot extract OCSP URI from /etc/letsencrypt/archive/api.mydomain.tld/cert26.pem
I read that OCSP is a protocol and that is currently being dismissed, but I didn't ever configured any option about it. What have i got to do?
My domain is:
api.mydomain.tld (I rather hide the real name)
I ran this command:
certbot renew
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/api.mydomain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cannot extract OCSP URI from /etc/letsencrypt/archive/api.mydomain.tld/cert26.pem
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
- /etc/letsencrypt/live/api.mydomain.tld/fullchain.pem expires on 2025-08-15 (skipped)*
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
My web server is (include version):
Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version):
CentOS Linux release 7.1.1503 (Core)
I can login to a root shell on my machine.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.7.0