diff --git a/roles/nginx/templates/https.j2 b/roles/nginx/templates/https.j2
index 73d1faa..cbf9769 100644
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@@ -14,10 +14,13 @@
 ssl_ciphers "{{ tls_cipher_suite }}";
 ssl_prefer_server_ciphers on;
+{# don't use OCSP stapling if we're using a self-signed cert #}
+{% if tls_cert is defined %}
 # OCSP stapling...
 ssl_stapling on;
 ssl_stapling_verify on;
 resolver 8.8.4.4 8.8.8.8;
+{% endif %}
 # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
 # when a restart is performed the previous key is lost, which resets all previous
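Review bot: The guard `{% if tls_cert is defined %}` appears to use "variable is defined" as a stand-in for "certificate is CA-issued", so a `tls_cert` that is set but empty, or that names a self-signed file, would still enable stapling. If that can occur in this inventory, `{% if tls_cert is defined and tls_cert %}` or a dedicated boolean would state the intent more reliably. The `resolver 8.8.4.4 8.8.8.8;` line now sits inside the same conditional, so self-signed deployments render no resolver at all, which is only safe if nothing else in the rendered config needs runtime name resolution (the hunk does not show this). Since that resolver is what nginx uses to look up the OCSP responder's hostname, a template comment such as `{# resolver is used to reach the OCSP responder; prefer a trusted local resolver over public DNS #}` would record the spoofing consideration for whoever edits this next.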