From 077a68f64c3c1d06b76da6792dfec712bb91afc2 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Fri, 31 Oct 2025 21:23:56 +0100
Subject: [PATCH] Fail silently if there is no OCSP server

---
 lib/resty/auto-ssl/ssl_certificate.lua | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/resty/auto-ssl/ssl_certificate.lua b/lib/resty/auto-ssl/ssl_certificate.lua
index ab71cfd..89f4173 100644
--- a/lib/resty/auto-ssl/ssl_certificate.lua
+++ b/lib/resty/auto-ssl/ssl_certificate.lua
@@ -159,7 +159,10 @@ end
 local function get_ocsp_response(fullchain_der, auto_ssl_instance)
 -- Pull the OCSP URL to hit out of the certificate chain.
 local ocsp_url, ocsp_responder_err = ocsp.get_ocsp_responder_from_der_chain(fullchain_der)
- if not ocsp_url then
+ if not ocsp_url and not ocsp_responder_err then
+ -- There is no OCSP responder, stop silently
+ return "", nil
+ elseif not ocsp_url then
 return nil, "failed to get OCSP responder: " .. (ocsp_responder_err or "")
 end
 
@@ -236,9 +239,11 @@ local function set_ocsp_stapling(domain, cert_der, auto_ssl_instance)
 end
 
 -- Set the OCSP stapling response.
- local ok, ocsp_status_err = ocsp.set_ocsp_status_resp(ocsp_resp)
- if not ok then
- return false, "failed to set ocsp status resp: " .. (ocsp_status_err or "")
+ if ocsp_resp ~= "" then
+ local ok, ocsp_status_err = ocsp.set_ocsp_status_resp(ocsp_resp)
+ if not ok then
+ return false, "failed to set ocsp status resp: " .. (ocsp_status_err or "")
+ end
 end
 
 return true
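Review bot: The new `return "", nil` in get_ocsp_response introduces an empty-string sentinel that nothing in the function documents, and the branch leaves no trace that stapling was skipped. The condition assumes `ocsp.get_ocsp_responder_from_der_chain` returns nil with no error only when the chain names no responder; that is worth confirming against the lua-resty-core documentation, since any other nil-without-error path would now disable stapling quietly. I would add a header comment stating the three outcomes (response bytes, `""` for no responder, `nil, err` on failure) and a low-level log such as `ngx.log(ngx.DEBUG, "auto-ssl: no OCSP responder in certificate chain, skipping stapling")` so operators can tell an intentional skip from a regression. The function body continues outside the hunk.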
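Review bot: The guard `if ocsp_resp ~= "" then` in set_ocsp_stapling depends on the empty-string sentinel from get_ocsp_response, but the check site does not say so; a comment like `-- "" means the certificate names no OCSP responder, so there is nothing to staple` would make the coupling explicit. The function still returns `true` on this path, so a caller cannot tell "stapled" from "skipped", which matters if a certificate carries the must-staple extension (not visible here, so treat this as a question for the author). The code between the get_ocsp_response call and this guard is outside the hunk; confirm that any caching there handles `""` as intended.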