Remove OCSP stapling

group_vars/all/helpers.yml

@@ -16,7 +16,6 @@ site_hosts_redirects: "{{ item.value.site_hosts | selectattr('redirects', 'defin
 site_hosts: "{{ site_hosts_canonical | union(site_hosts_redirects) }}"
 multisite_subdomains_wildcards: "{{ item.value.multisite.subdomains | default(false) | ternary( site_hosts_canonical | map('regex_replace', '^(www\\.)?(.*)$', '*.\\2') | list, [] ) }}"
 ssl_enabled: "{{ item.value.ssl is defined and item.value.ssl.enabled | default(false) }}"
-ssl_stapling_enabled: "{{ item.value.ssl is defined and item.value.ssl.stapling_enabled | default(true) }}"
 cron_enabled: "{{ site_env.disable_wp_cron and (not item.value.multisite.enabled | default(false) or (item.value.multisite.enabled | default(false) and item.value.multisite.cron | default(true))) }}"
 sites_use_ssl: "{{ wordpress_sites.values() | map(attribute='ssl') | selectattr('enabled') | list | count > 0 }}"
 

roles/nginx/templates/h5bp/directive-only/ssl.conf

@@ -39,5 +39,3 @@ keepalive_timeout 300s; # up from 75 secs default
 # Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.
 #ssl_certificate      /etc/nginx/default_ssl.crt;
 #ssl_certificate_key  /etc/nginx/default_ssl.key;
-
-# Consider using OCSP Stapling as shown in ssl-stapling.conf

roles/wordpress-setup/templates/wordpress-site.conf.j2

@@ -79,9 +79,6 @@ server {
   {% if ssl_enabled -%}
   # SSL configuration
   include h5bp/directive-only/ssl.conf;
-  {% if ssl_stapling_enabled -%}
-  include h5bp/directive-only/ssl-stapling.conf;
-  {% endif -%}
 
   ssl_buffer_size 1400; # 1400 bytes to fit in one MTU