Add --no-ocsp command line option #184

Closed
opened 2025-12-29 00:26:49 +01:00 by adam · 3 comments
Originally created by @alainwolf on GitHub (Jan 9, 2017).

In my config files I set OCSP_MUST_STAPLE="yes".

I'm already juggling multiple config files for different use cases (i.e. to create RSA and EC keys in different cert directories).

But now a subset of my hosts can't have OCSP_MUST_STAPLE. Either the server software does not support it (e.g. mail servers), or there are other hosts outside of my control, which won't support it.
If added in a configuration file, the number of config files and cron-tasks needed grows exponentially.

It would be great if I could leave it on by default in my configs, but set it off for a small subset of hosts by command line.

Thank you for your consideration and your awesome script. Have a nice day.

adam closed this issue 2025-12-29 00:26:49 +01:00

@lukas2511 commented on GitHub (Jan 11, 2017):

See https://github.com/lukas2511/dehydrated/blob/master/docs/per-certificate-config.md, this should help you.


@txr13 commented on GitHub (Jan 11, 2017):

@lukas2511

Given that the request was for a command-line flag to unset the MUST_STAPLE option, and given that there's already a flag which essentially sets MUST_STAPLE at execution time, would it not be feasible to implement a flag to unset at execution time? (Read and process the config file, then process script arguments to set / unset the needed option, abort with error if both --ocsp and --no-ocsp are given as arguments.)

If I better understood how to properly fork a branch and submit a PR, I'd do that...
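The ordering described in the comment above (config file first, then arguments, abort on conflicting flags), as an added sketch that is not dehydrated's code. `--no-ocsp` is the hypothetical flag requested in this issue; the function name `resolve_must_staple`, the fallback value `no` and the sample config are assumptions made for the example.

```shell
#!/bin/sh
# Added sketch, not dehydrated's code. --no-ocsp is hypothetical (the flag
# requested in this issue); --ocsp and OCSP_MUST_STAPLE are named in the thread.

# resolve_must_staple CONFIG_FILE [ARGS...]
# Prints the effective OCSP_MUST_STAPLE value ("yes" or "no").
# Exits with status 2 when both --ocsp and --no-ocsp are given.
# The body runs in a subshell so sourcing the config cannot leak variables.
resolve_must_staple() (
    config_file=$1
    shift
    OCSP_MUST_STAPLE="no"    # assumed fallback when the config is silent

    # Step 1: read and process the config file (VAR="value" shell lines).
    [ -r "$config_file" ] && . "$config_file"

    # Step 2: process arguments, remembering each flag instead of applying
    # it immediately, so that a contradiction can be detected afterwards.
    want_on=0
    want_off=0
    for arg in "$@"; do
        case $arg in
            --ocsp)    want_on=1 ;;
            --no-ocsp) want_off=1 ;;
        esac
    done

    # Step 3: refuse to guess when the two flags contradict each other.
    if [ "$want_on" -eq 1 ] && [ "$want_off" -eq 1 ]; then
        echo "ERROR: --ocsp and --no-ocsp are mutually exclusive" >&2
        exit 2
    fi

    # Step 4: a flag given on the command line wins over the config file.
    [ "$want_on" -eq 1 ] && OCSP_MUST_STAPLE="yes"
    [ "$want_off" -eq 1 ] && OCSP_MUST_STAPLE="no"
    printf '%s\n' "$OCSP_MUST_STAPLE"
)

# Constructed demo: a config that enables must-staple, overridden for one run.
demo_dir=$(mktemp -d)
printf 'OCSP_MUST_STAPLE="yes"\n' > "$demo_dir/config"
resolve_must_staple "$demo_dir/config" --cron              # yes
resolve_must_staple "$demo_dir/config" --cron --no-ocsp    # no
resolve_must_staple "$demo_dir/config" --ocsp --no-ocsp || echo "rejected (status $?)"
rm -rf "$demo_dir"
```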


@lukas2511 commented on GitHub (Jan 11, 2017):

@txr13 I don't want to overload the script with switches, I think that just makes it more complicated to use

Reference: starred/dehydrated#184