That is interesting - and an issue, that might affect soon many people.
You get hit, probably, since you got a new certificate via certbot. Letsencrypt has a stepwise phasing out of OCSP, and the situation is different, how and when exactly you obtain the certificate. The message "cannot obtain URL for Authority Information Access (AIA)," has to do with the exclusion of the URL in certificates issued after May 7, 2025:
https://letsencrypt.org/2024/12/05/ending-ocsp/
This is something, we have to address also for the forthcoming release of NaviServer 5.
The proper way to deactivate OCSPstapling is to deactivate it in the configuration file:
ns_section ns/module/https {
...
ns_param OCSPstapling off ;# off; activate OCSP stapling
# ns_param OCSPstaplingVerbose on ;# off; make OCSP stapling more verbose
# ns_param OCSPcheckInterval 15m ;# default 5m; OCSP (re)check intervale
}
all the best
-g
