diff --git a/server/ocsp.go b/server/ocsp.go
index 72ddfdbb..3f7dbcdf 100644
--- a/server/ocsp.go
+++ b/server/ocsp.go
@@ -334,6 +334,8 @@ func (srv *Server) NewOCSPMonitor(config *tlsConfigKind) (*tls.Config, *OCSPMoni
 	// NOTE: Currently OCSP Stapling is enabled only for the first certificate found.
 	var mon *OCSPMonitor
 	for _, cert := range tc.Certificates {
+		// This is normally non-nil, but can still be nil here when in tests
+		// or in some embedded scenarios.
 		if cert.Leaf == nil {
 			if len(cert.Certificate) <= 0 {
 				return nil, nil, fmt.Errorf("no certificate found")
diff --git a/test/ocsp_test.go b/test/ocsp_test.go
index 53ecd1a1..bce09bda 100644
--- a/test/ocsp_test.go
+++ b/test/ocsp_test.go
@@ -2439,7 +2439,7 @@ func getOCSPStatus(s tls.ConnectionState) (*ocsp.Response, error) {
 	return resp, nil
 }
 
-func TestOCSPManualConfig(t *testing.T) {
+func TestOCSPTLSConfigNoLeafSet(t *testing.T) {
 	o := DefaultTestOptions
 	o.HTTPHost = "127.0.0.1"
 	o.HTTPSPort = -1