diff --git a/.vscode/numbered-bookmarks.json b/.vscode/numbered-bookmarks.json
index 40412e6..cea0b3b 100644
--- a/.vscode/numbered-bookmarks.json
+++ b/.vscode/numbered-bookmarks.json
@@ -4,15 +4,15 @@
 "fsPath": "$ROOTPATH$/setup.sh",
 "bookmarks": [
 -1,
- 30,
- 43,
+ 31,
+ 44,
+ 677,
 -1,
 -1,
 -1,
 -1,
 -1,
- -1,
- -1
+ 354
 ]
 }
 ]
diff --git a/setup.sh b/setup.sh
index 7d7fca1..90fb1b3 100755
--- a/setup.sh
+++ b/setup.sh
@@ -27,6 +27,7 @@ unset CAChainPath
 unset DHPath
 unset phpVersion
 unset phpType
+unset noOSCP
 # set variables
 regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
@@ -339,11 +340,20 @@ if [ "${useCertbot}" -eq 0 ]; then
 done
 # not using Certbot: get location of CA Certificate Chain
+ echo -e "\n${mag}Your full Certificate Authority certificate-chain (root and any/all"
+ echo "intermediate certificates bundled in one file) is required if you want NGINX"
+ echo "to provide OSCP stapling for your visitors. In most cases, you want this."
+ echo "If you don't have your CA chain, you can fill in the filename you'll be saving"
+ echo "it as in the future and confirm it when the scripts prompts you. In that"
+ echo -e "case, however, ${warn}NGINX will not work until that file actually exists.${mag}"
+ echo -e "\nIf you are using a self-signed certificate or do not want OSCP stapling, leave"
+ echo -e "this blank ${warn}(hit enter)${mag} and the relevant configuration section will be disabled.${norm}"
 while true; do
 read -p "What is the path to your primary SSL CA Chain certificate? " inputCAChainPath
 case "${inputCAChainPath}" in
 '')
- echo -e "\n${err}You cannot have an empty path to your SSL CA Chain certificate${norm}"
+ noOSCP=1
+ break
 ;;
 [Xx]*)
 echo -e "\n${cyan}---exiting---\n${norm}"
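Review bot: The empty-path arm of the `case` sets `noOSCP=1` and breaks, but the only other place the flag is touched is the `unset noOSCP` added in the first setup.sh hunk, so it has no value at all when the user does supply a chain path. If later code tests it the way this file tests `useCertbot` (`[ "${noOSCP}" -eq 1 ]`), that test prints an "integer expression expected" error on the empty string. Initialise it with `noOSCP=0` in place of `unset noOSCP`, and confirm that whatever consumes `CAChainPath` after this loop (outside the hunk) is skipped when the flag is set, since the path stays empty on this branch. The protocol name is OCSP (Online Certificate Status Protocol), so the prompts should read `OCSP stapling` and the flag would be clearer as `noOCSP`; as written, the option is hard to match against the NGINX stapling documentation. In the same prompt text, `the scripts prompts you` should be `the script prompts you`. The `while`/`case` block continues past the end of the hunk.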