The Certs Stack no longer completes successfully due to "OCSP Must Staple"

When trying to create a demo environment with a custom portal name - the certs stack called no longer works. It fails during the create of the Certificate Node Instance. In my investigation I found the following log error when trying to create the cert. 

`[Tue Feb 11 14:35:06 UTC 2025] {
  "type": "urn:ietf:params:acme:error:unauthorized",
  "detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
  "status": 403
}`

Seems like it's related to these two lines - 
[here](https://github.com/aws-samples/aws-hpc-recipes/blob/0bde555e80cfb5fdf464a052b9908d36066aed3b/recipes/security/public_certs/assets/main.yaml#L171)
[and here](https://github.com/aws-samples/aws-hpc-recipes/blob/0bde555e80cfb5fdf464a052b9908d36066aed3b/recipes/security/public_certs/assets/main.yaml#L325)

I'm not familiar with the ramifications of removing this option so I didn't put in a pr request. Hopefully someone more knowledgable than me can take a look. 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The Certs Stack no longer completes successfully due to "OCSP Must Staple" #46

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

The Certs Stack no longer completes successfully due to "OCSP Must Staple" #46

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions