I was testing the non-proxy case as requested by Robie.
@Horst - could you do the real proxy case testing?
P.S. After so many years of joking about "localhorst" is is great to meet THE localhorst :-)
Setup is following: https://cwiki.apache.org/confluence/display/httpd/OCSPStapling
After enabling ssl/letencrypt that means enabling OCSP like: SSLUseStapling On SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768)
to /etc/apache2/mods-available/ssl.conf
I was updating that system to the version from proposed.
ubuntu@cpaelzer-amd64-certbot4:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
apache2 apache2-bin apache2-data apache2-utils libuv1
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 standard security update
Need to get 1599 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2 amd64 2.4.41-4ubuntu3.4 [95.5 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-bin amd64 2.4.41-4ubuntu3.4 [1180 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-data all 2.4.41-4ubuntu3.4 [159 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-utils amd64 2.4.41-4ubuntu3.4 [84.0 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu focal-security/main amd64 libuv1 amd64 1.34.2-1ubuntu1.3 [80.8 kB]
Fetched 1599 kB in 0s (42.0 MB/s)
(Reading database ... 126331 files and directories currently installed.)
Preparing to unpack .../apache2_2.4.41-4ubuntu3.4_amd64.deb ...
Unpacking apache2 (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-bin_2.4.41-4ubuntu3.4_amd64.deb ...
Unpacking apache2-bin (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-data_2.4.41-4ubuntu3.4_all.deb ...
Unpacking apache2-data (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-utils_2.4.41-4ubuntu3.4_amd64.deb ...
Unpacking apache2-utils (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../libuv1_1.34.2-1ubuntu1.3_amd64.deb ...
Unpacking libuv1:amd64 (1.34.2-1ubuntu1.3) over (1.34.2-1ubuntu1.1) ...
Setting up apache2-bin (2.4.41-4ubuntu3.4) ...
Setting up libuv1:amd64 (1.34.2-1ubuntu1.3) ...
Setting up apache2-data (2.4.41-4ubuntu3.4) ...
Setting up apache2-utils (2.4.41-4ubuntu3.4) ...
Setting up apache2 (2.4.41-4ubuntu3.4) ...
Processing triggers for ufw (0.36-6) ...
Processing triggers for systemd (245.4-4ubuntu3.7) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
Restart due to the update was fine:
$ systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-07-07 13:33:06 UTC; 17s ago
I was testing the non-proxy case as requested by Robie.
@Horst - could you do the real proxy case testing?
P.S. After so many years of joking about "localhorst" is is great to meet THE localhorst :-)
Setup is following: /cwiki. apache. org/confluence/ display/ httpd/OCSPStapl ing
SSLUseStapling On
SSLStaplingCac he shmcb:$ {APACHE_ RUN_DIR} /ssl_stapling( 32768) mods-available/ ssl.conf
https:/
After enabling ssl/letencrypt that means enabling OCSP like:
to /etc/apache2/
After that testing is inspired by /www.digicert. com/kb/ ssl-support/ apache- enable- ocsp-stapling- on-server. htm
https:/
$ echo " " | openssl s_client -showcerts -connect apache- certbot- focal.dd- dns.de: 443 -status |& grep -i ocsp
OCSP response:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Respons
I was updating that system to the version from proposed. cpaelzer- amd64-certbot4: ~$ sudo apt upgrade us.archive. ubuntu. com/ubuntu focal-proposed/main amd64 apache2 amd64 2.4.41-4ubuntu3.4 [95.5 kB] us.archive. ubuntu. com/ubuntu focal-proposed/main amd64 apache2-bin amd64 2.4.41-4ubuntu3.4 [1180 kB] us.archive. ubuntu. com/ubuntu focal-proposed/main amd64 apache2-data all 2.4.41-4ubuntu3.4 [159 kB] us.archive. ubuntu. com/ubuntu focal-proposed/main amd64 apache2-utils amd64 2.4.41-4ubuntu3.4 [84.0 kB] us.archive. ubuntu. com/ubuntu focal-security/main amd64 libuv1 amd64 1.34.2-1ubuntu1.3 [80.8 kB] 2.4.41- 4ubuntu3. 4_amd64. deb ... bin_2.4. 41-4ubuntu3. 4_amd64. deb ... data_2. 4.41-4ubuntu3. 4_all.deb ... utils_2. 4.41-4ubuntu3. 4_amd64. deb ... 1.34.2- 1ubuntu1. 3_amd64. deb ...
ubuntu@
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
apache2 apache2-bin apache2-data apache2-utils libuv1
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 standard security update
Need to get 1599 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://
Get:2 http://
Get:3 http://
Get:4 http://
Get:5 http://
Fetched 1599 kB in 0s (42.0 MB/s)
(Reading database ... 126331 files and directories currently installed.)
Preparing to unpack .../apache2_
Unpacking apache2 (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-
Unpacking apache2-bin (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-
Unpacking apache2-data (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-
Unpacking apache2-utils (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../libuv1_
Unpacking libuv1:amd64 (1.34.2-1ubuntu1.3) over (1.34.2-1ubuntu1.1) ...
Setting up apache2-bin (2.4.41-4ubuntu3.4) ...
Setting up libuv1:amd64 (1.34.2-1ubuntu1.3) ...
Setting up apache2-data (2.4.41-4ubuntu3.4) ...
Setting up apache2-utils (2.4.41-4ubuntu3.4) ...
Setting up apache2 (2.4.41-4ubuntu3.4) ...
Processing triggers for ufw (0.36-6) ...
Processing triggers for systemd (245.4-4ubuntu3.7) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
Restart due to the update was fine: system/ apache2. service; enabled; vendor preset: enabled)
$ systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/
Active: active (running) since Wed 2021-07-07 13:33:06 UTC; 17s ago
OSCP is still happy:
$ echo " " | openssl s_client -showcerts -connect apache- certbot- focal.dd- dns.de: 443 -status |& grep -i ocsp
OCSP response:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Also otherwise I can see no difference