Hi @mikemckenney,

While looking at the apache configuration file I noticed the following

        SSLCertificateFile /etc/apache2/ssl/96e3c185b09b612a.crt
        SSLCertificateKeyFile /etc/apache2/ssl/5Cert.key
        SSLCACertificateFile /etc/apache2/ssl/gd_bundle-g2-g1.crt

Those are the SSL files given for the domain wp.scsiraidguru.com, are you sure the SSL is properly added there?

Another thing I found is that both wp.scsiraidguru.com and scsiraidguru.com are not loading from your DigitalOcean droplet. At the moment they are pinging from the IP 50.4.203.235. If you want to have them ping from your Droplet with DigitalOcean, update your DNS from your registrar - GoDaddy. Once you point them to your server, everything should start loading properly.

Regards,
KDSys

@KDSys, I read the article Jesin A OCSP from your site

I figured I would ask your community forum. I read that web sites should have OCSP Stapling. So I am trying to get it working fully.

I followed it. It is hosted at my house on my DL 360e Gen8 under VMWare 6U3. I have 7 virtual hosts on the two WordPress servers. Two of them are my family sites, which are over 160 GB each of videos and pictures. I back up to tape to protect them. Fortinet 60E firewall for protection.

DNS is properly configured and resolves from Godaddy. Fortinet 60E Firewall VIP rules allow ports 80,443 traffic to the virtual servers. Web sites resolve and redirect to port 443. Do they need to resolve to port 80 for OCSP to work? I can get the response but it doesn’t write to the log files.

I saw someone posted ocsp.godaddy.com uses port 80. Godaddy is useless for help.

Ubuntu, Apache, and OpenSSL are on the latest version.

I added these files for shmcb.

sudo a2enmod file_cache
sudo a2enmod authn_socache
sudo a2enmod socache_shmcb

My OCSP Stapling notes page

The cache original path was var/log/apache2/ The permissions are www-data:www-data. Every virtual hosts has a subdirectory under it for the access.log and error.log

ErrorLog /var/log/apache2/wp.scsiraidguru.com/error.log
CustomLog /var/log/apache2/wp.scsiraidguru.com/access.log combined

SSLStaplingCache shmcb:/var/log/apache2/wp.scsiraidguru.com/ssl_stapling_cache(128000)
#SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
SSLSessionCache shmcb:var/log/apache2/ssl_scache(512000)

I tried, SSLStaplingCache “shmcb:logs/ssl_stapling(32768)”

This morning I can get a OCSP Response.

echo QUIT | openssl s_client -connect wp.scsiraidguru.com:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2
    Produced At: Jun  1 14:17:36 2020 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: B6080D5F6C6B76EB13E438A5F8660BA85233344E
      Issuer Key Hash: 40C2BD278ECC348330A233D7FB6CB3F0B42C80CE
      Serial Number: 96E3C185B09B612A
    Cert Status: good
    This Update: Jun  1 14:17:36 2020 GMT

Next Update: Jun  3 02:17:36 2020 GMT