The upstream bugs to watch for: https://bz.apache.org/bugzilla/show_bug.cgi?id=57121 "ocsp stapling should not pass temporary server outages to clients"
https://bz.apache.org/bugzilla/show_bug.cgi?id=60182 "SSLStaplingFakeTryLater Deviates From Documented Behavior of Only Being Effective When SSLStaplingReturnResponderErrors is On" A possible workaround: https://community.letsencrypt.org/t/robust-ocsp-stapling-with-apache-httpd/87896 And the mod_md workaround suggested in the upstream bugs is currently not possible in Debian as this module is too old for OCSP stapling: https://serverfault.com/questions/1007247/apache-httpd-how-to-enable-ocsp-stapling-with-mod-md -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
