It seems Let's Encrypt is ending OCSP support. Consequently, OCSP stapling must be disabled in nginx:
January 30, 2025:
  - OCSP Must-Staple requests will fail, unless the requesting account has previously issued a certificate containing the OCSP Must Staple extension
May 7, 2025:
  - Prior to this date we will have added CRL URLs to certificates
  - On this date we will drop OCSP URLs from certificates
  - On this date all requests including the OCSP Must Staple extension will fail
August 6, 2025:
  - On this date we will turn off our OCSP responders
I guess that in the nginx.ssl.conf of your domains, SSL stapling should be turned off or commented out, but if domains are rebuilt it will put SSL stapling on. The change should be at Hestia CP level:
To do so for all domains, it would be required to go to the nginx templates of Hestia under:
/usr/local/hestia/data/templates/web/nginx
Choose the .stpl files that are used for your domains (in fact, you should do it with all templates where you find the two directives below).
Comment out like this:
# ssl_stapling on;
# ssl_stapling_verify on;
Save.
Rebuild all domains of Hestia users by running v-rebuild-web-domains USER
Restart nginx.
Errors should be gone in error.log.
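
The template edit described above, as an added shell example that is not part of the original post or Hestia's own tooling: it finds every .stpl template with an active stapling directive, comments it out in place, and checks that none remain. The function names, the `apply` argument and the `BACKUP` location are assumptions made for this example; the template path and the rebuild command are the ones from the post.

```shell
#!/bin/sh
# Added example. Template path is the one given in the post.
TEMPLATE_DIR="${TEMPLATE_DIR:-/usr/local/hestia/data/templates/web/nginx}"
# Assumed backup location for this example.
BACKUP="${BACKUP:-$HOME/nginx-templates-backup.tgz}"
# Matches an active directive only; lines already commented with '#' do not match.
ACTIVE='^[[:space:]]*ssl_stapling(_verify)?[[:space:]]+on[[:space:]]*;'

# Print every .stpl file under $1 that still has an active stapling directive.
find_active_stapling() {
    find "$1" -type f -name '*.stpl' -exec grep -lE "$ACTIVE" {} + 2>/dev/null || true
}

# Comment the directives out, keeping indentation; prints each changed file.
# Safe to run twice: a second run finds nothing left to change.
comment_out_stapling() {
    find_active_stapling "$1" | while IFS= read -r f; do
        tmp=$(mktemp) || exit 1
        sed -E 's/^([[:space:]]*)(ssl_stapling(_verify)?[[:space:]]+on[[:space:]]*;)/\1# \2/' \
            "$f" > "$tmp"
        cat "$tmp" > "$f"   # overwrite contents, keep owner and mode
        rm -f "$tmp"
        echo "$f"
    done
}

# Only modify the real templates when called with "apply".
if [ "${1:-}" = "apply" ]; then
    tar -czf "$BACKUP" -C "$TEMPLATE_DIR" . || exit 1
    comment_out_stapling "$TEMPLATE_DIR"
    remaining=$(find_active_stapling "$TEMPLATE_DIR")
    if [ -n "$remaining" ]; then
        echo "stapling still active in:" >&2
        echo "$remaining" >&2
        exit 1
    fi
    echo "Templates clean. Next: v-rebuild-web-domains USER for each user, then restart nginx."
fi
```

Run it as root with the `apply` argument; without it the script only defines the functions and touches nothing.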