nginx: [warn] “ssl_stapling” ignored, issuer certificate not found for certificate “/usr/local/psa/var/certificates/scwqKDI92”
If you see a warning like this in your nginx logs it means that the certificate CA is not in the trust list. When you have Plesk installed the CA chains are being updated, but not included in the nginx config by default.
Open the ssl config file. Nano creates it when it does not exist.
Now change the config to include ssl_trusted_certificate:
# OCSP stapling ssl_stapling on; ssl_stapling_verify on; resolver [::1] 127.0.0.1 [2606:4700:4700::1111] 220.127.116.11; resolver_timeout 5s; # Trusted CA chains ssl_trusted_certificate /etc/ssl/certs/ca-bundle.trust.crt;
(remove the local IPs if you don’t run a local DNS resolver, same goes for IPv6)
Save the file with
CTRL X and hit the
Y key to confirm. Then reload nginx to apply the change.
systemctl reload nginx