Comment 15 for bug 1930430

Christian Ehrhardt  (paelzer) wrote :

I was testing the non-proxy case as requested by Robie.

@Horst - could you do the real proxy case testing?

P.S. After so many years of joking about "localhorst" it is great to meet THE localhorst :-)

Setup is as follows:
  https://cwiki.apache.org/confluence/display/httpd/OCSPStapling
After enabling ssl/letsencrypt that means enabling OCSP like:
        SSLUseStapling On
        SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768)
to /etc/apache2/mods-available/ssl.conf

After that testing is inspired by
https://www.digicert.com/kb/ssl-support/apache-enable-ocsp-stapling-on-server.htm

$ echo " " | openssl s_client -showcerts -connect apache-certbot-focal.dd-dns.de:443 -status |& grep -i ocsp
OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Respons

I was updating that system to the version from proposed.
ubuntu@cpaelzer-amd64-certbot4:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  apache2 apache2-bin apache2-data apache2-utils libuv1
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 standard security update
Need to get 1599 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2 amd64 2.4.41-4ubuntu3.4 [95.5 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-bin amd64 2.4.41-4ubuntu3.4 [1180 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-data all 2.4.41-4ubuntu3.4 [159 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-utils amd64 2.4.41-4ubuntu3.4 [84.0 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu focal-security/main amd64 libuv1 amd64 1.34.2-1ubuntu1.3 [80.8 kB]
Fetched 1599 kB in 0s (42.0 MB/s)
(Reading database ... 126331 files and directories currently installed.)
Preparing to unpack .../apache2_2.4.41-4ubuntu3.4_amd64.deb ...
Unpacking apache2 (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-bin_2.4.41-4ubuntu3.4_amd64.deb ...
Unpacking apache2-bin (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-data_2.4.41-4ubuntu3.4_all.deb ...
Unpacking apache2-data (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../apache2-utils_2.4.41-4ubuntu3.4_amd64.deb ...
Unpacking apache2-utils (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ...
Preparing to unpack .../libuv1_1.34.2-1ubuntu1.3_amd64.deb ...
Unpacking libuv1:amd64 (1.34.2-1ubuntu1.3) over (1.34.2-1ubuntu1.1) ...
Setting up apache2-bin (2.4.41-4ubuntu3.4) ...
Setting up libuv1:amd64 (1.34.2-1ubuntu1.3) ...
Setting up apache2-data (2.4.41-4ubuntu3.4) ...
Setting up apache2-utils (2.4.41-4ubuntu3.4) ...
Setting up apache2 (2.4.41-4ubuntu3.4) ...
Processing triggers for ufw (0.36-6) ...
Processing triggers for systemd (245.4-4ubuntu3.7) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...

Restart due to the update was fine:
$ systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-07-07 13:33:06 UTC; 17s ago

OCSP is still happy:

$ echo " " | openssl s_client -showcerts -connect apache-certbot-focal.dd-dns.de:443 -status |& grep -i ocsp
OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response

Also otherwise I can see no difference.
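
Added example, not part of the original comment: a stricter version of the `grep -i ocsp` check, since that pattern also matches the `OCSP response: no response sent` line printed when nothing is stapled. It goes one step further than the comment by also reading `Cert Status`; the function name `classify_stapling` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the output of `openssl s_client -status` (added example).
# The sample outputs are constructed and trimmed to the relevant lines.

SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'

SAMPLE_NONE='OCSP response: no response sent'

SAMPLE_REVOKED='OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked'

# Reads s_client output on stdin and prints one verdict line.
# Returns 0 only for a stapled response whose Cert Status is "good".
classify_stapling() {
  awk '
    /OCSP response: no response sent/ { none = 1 }
    /OCSP Response Status:/ { sub(/.*OCSP Response Status: */, ""); status = $0 }
    /Cert Status:/          { sub(/.*Cert Status: */, ""); cert = $0 }
    END {
      # No staple at all: the server sent no status_request reply.
      if (none || status == "")    { print "no-staple"; exit 1 }
      # A staple is present but the responder reported an error.
      if (status !~ /^successful/) { print "responder-error: " status; exit 1 }
      # The staple is valid OCSP but does not vouch for the certificate.
      if (cert != "good") { print "cert-status: " (cert == "" ? "unknown" : cert); exit 1 }
      print "stapled-good"
    }'
}

# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -status </dev/null 2>&1 | classify_stapling
for sample in "$SAMPLE_STAPLED" "$SAMPLE_NONE" "$SAMPLE_REVOKED"; do
  printf '%s\n' "$sample" | classify_stapling || true
done
```

Running it before and after a package upgrade and comparing the verdict lines gives the same before/after check as above, with a non-zero exit status when stapling stops working.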