diff --git a/pkg/provider/acme/challenge_tls.go b/pkg/provider/acme/challenge_tls.go index 6249bc52e..d2f20e35a 100644 --- a/pkg/provider/acme/challenge_tls.go +++ b/pkg/provider/acme/challenge_tls.go @@ -153,6 +153,9 @@ func createMessage(certs map[string]*Certificate) dynamic.Message { Certificate: traefiktls.Certificate{ CertFile: traefiktls.FileOrContent(cert.Certificate), KeyFile: traefiktls.FileOrContent(cert.Key), + OCSP: traefiktls.OCSPConfig{ + DisableStapling: true, + }, }, Stores: []string{tlsalpn01.ACMETLS1Protocol}, } diff --git a/pkg/provider/acme/provider.go b/pkg/provider/acme/provider.go index 429b87e3f..be211ab04 100644 --- a/pkg/provider/acme/provider.go +++ b/pkg/provider/acme/provider.go @@ -781,9 +781,6 @@ func (p *Provider) buildMessage() dynamic.Message { Certificate: traefiktls.Certificate{ CertFile: traefiktls.FileOrContent(cert.Certificate.Certificate), KeyFile: traefiktls.FileOrContent(cert.Key), - OCSP: traefiktls.OCSPConfig{ - DisableStapling: true, - }, }, Stores: []string{cert.Store}, } diff --git a/pkg/provider/consulcatalog/connect_tls.go b/pkg/provider/consulcatalog/connect_tls.go index 27bc8f828..5b7a92739 100644 --- a/pkg/provider/consulcatalog/connect_tls.go +++ b/pkg/provider/consulcatalog/connect_tls.go @@ -26,9 +26,6 @@ func (c *connectCert) getLeaf() traefiktls.Certificate { return traefiktls.Certificate{ CertFile: traefiktls.FileOrContent(c.leaf.cert), KeyFile: traefiktls.FileOrContent(c.leaf.key), - OCSP: traefiktls.OCSPConfig{ - DisableStapling: false, - }, } } diff --git a/pkg/provider/kubernetes/crd/kubernetes.go b/pkg/provider/kubernetes/crd/kubernetes.go index 7e6d45b50..04d55cef9 100644 --- a/pkg/provider/kubernetes/crd/kubernetes.go +++ b/pkg/provider/kubernetes/crd/kubernetes.go @@ -943,9 +943,6 @@ func buildTLSStores(ctx context.Context, client Client) (map[string]tls.Store, m tlsStore.DefaultCertificate = &tls.Certificate{ CertFile: tls.FileOrContent(cert), KeyFile: tls.FileOrContent(key), - OCSP: tls.OCSPConfig{ - DisableStapling: false, - }, } } @@ -1032,9 +1029,6 @@ func getTLS(k8sClient Client, secretName, namespace string) (*tls.CertAndStores, Certificate: tls.Certificate{ CertFile: tls.FileOrContent(cert), KeyFile: tls.FileOrContent(key), - OCSP: tls.OCSPConfig{ - DisableStapling: false, - }, }, }, nil } diff --git a/pkg/provider/kubernetes/gateway/kubernetes.go b/pkg/provider/kubernetes/gateway/kubernetes.go index ce846f8c5..7b2bc5b72 100644 --- a/pkg/provider/kubernetes/gateway/kubernetes.go +++ b/pkg/provider/kubernetes/gateway/kubernetes.go @@ -1357,9 +1357,6 @@ func getTLS(k8sClient Client, secretName v1alpha2.ObjectName, namespace string) Certificate: tls.Certificate{ CertFile: tls.FileOrContent(cert), KeyFile: tls.FileOrContent(key), - OCSP: tls.OCSPConfig{ - DisableStapling: false, - }, }, }, nil } diff --git a/pkg/provider/kubernetes/ingress/kubernetes.go b/pkg/provider/kubernetes/ingress/kubernetes.go index d6cc3aac1..5605f97b9 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes.go +++ b/pkg/provider/kubernetes/ingress/kubernetes.go @@ -428,9 +428,6 @@ func getCertificates(ctx context.Context, ingress *networkingv1.Ingress, k8sClie Certificate: tls.Certificate{ CertFile: tls.FileOrContent(cert), KeyFile: tls.FileOrContent(key), - OCSP: tls.OCSPConfig{ - DisableStapling: false, - }, }, } } diff --git a/pkg/tls/tlsmanager.go b/pkg/tls/tlsmanager.go index 2856b876a..11695bf2d 100644 --- a/pkg/tls/tlsmanager.go +++ b/pkg/tls/tlsmanager.go @@ -209,7 +209,7 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) { if bestCertificate != nil { err := bestCertificate.StapleOCSP() if err != nil { - log.WithoutContext().Warnf("ocsp - error during stable: %w", err) + log.WithoutContext().Warnf("ocsp - error during staple: %w", err) } return bestCertificate.Certificate, nil