I was testing the non-proxy case as requested by Robie. @Horst - could you do the real proxy case testing? P.S. After so many years of joking about "localhorst" is is great to meet THE localhorst :-) Setup is following: https://cwiki.apache.org/confluence/display/httpd/OCSPStapling After enabling ssl/letencrypt that means enabling OCSP like: SSLUseStapling On SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768) to /etc/apache2/mods-available/ssl.conf After that testing is inspired by https://www.digicert.com/kb/ssl-support/apache-enable-ocsp-stapling-on-server.htm $ echo " " | openssl s_client -showcerts -connect apache-certbot-focal.dd-dns.de:443 -status |& grep -i ocsp OCSP response: OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Respons I was updating that system to the version from proposed. ubuntu@cpaelzer-amd64-certbot4:~$ sudo apt upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apache2 apache2-bin apache2-data apache2-utils libuv1 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 standard security update Need to get 1599 kB of archives. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2 amd64 2.4.41-4ubuntu3.4 [95.5 kB] Get:2 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-bin amd64 2.4.41-4ubuntu3.4 [1180 kB] Get:3 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-data all 2.4.41-4ubuntu3.4 [159 kB] Get:4 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 apache2-utils amd64 2.4.41-4ubuntu3.4 [84.0 kB] Get:5 http://us.archive.ubuntu.com/ubuntu focal-security/main amd64 libuv1 amd64 1.34.2-1ubuntu1.3 [80.8 kB] Fetched 1599 kB in 0s (42.0 MB/s) (Reading database ... 126331 files and directories currently installed.) Preparing to unpack .../apache2_2.4.41-4ubuntu3.4_amd64.deb ... Unpacking apache2 (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ... Preparing to unpack .../apache2-bin_2.4.41-4ubuntu3.4_amd64.deb ... Unpacking apache2-bin (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ... Preparing to unpack .../apache2-data_2.4.41-4ubuntu3.4_all.deb ... Unpacking apache2-data (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ... Preparing to unpack .../apache2-utils_2.4.41-4ubuntu3.4_amd64.deb ... Unpacking apache2-utils (2.4.41-4ubuntu3.4) over (2.4.41-4ubuntu3.3) ... Preparing to unpack .../libuv1_1.34.2-1ubuntu1.3_amd64.deb ... Unpacking libuv1:amd64 (1.34.2-1ubuntu1.3) over (1.34.2-1ubuntu1.1) ... Setting up apache2-bin (2.4.41-4ubuntu3.4) ... Setting up libuv1:amd64 (1.34.2-1ubuntu1.3) ... Setting up apache2-data (2.4.41-4ubuntu3.4) ... Setting up apache2-utils (2.4.41-4ubuntu3.4) ... Setting up apache2 (2.4.41-4ubuntu3.4) ... Processing triggers for ufw (0.36-6) ... Processing triggers for systemd (245.4-4ubuntu3.7) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for libc-bin (2.31-0ubuntu9.2) ... Restart due to the update was fine: $ systemctl status apache2 ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2021-07-07 13:33:06 UTC; 17s ago OSCP is still happy: $ echo " " | openssl s_client -showcerts -connect apache-certbot-focal.dd-dns.de:443 -status |& grep -i ocsp OCSP response: OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Also otherwise I can see no difference