Since 6th February, I've been getting a lot of these errors in my Apache error logs:
AH01980: bad response from OCSP server: 307 Temporary Redirect
AH01941: stapling_renew_response: responder error
About 485 of them, so approximately hourly.
I have strict egress firewalling that only allows outgoing traffic to known IP/port
combinations and I got the list of Godaddy's OCSP servers from:
They don't seem to have changed. They are still:
126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168
According to that page. But anyway, I don't think that Apache is honouring the
redirect response because there are no firewall logs for outgoing port 80 traffic
at the time of the Apache error messages.
It seems more likely, just based on the text of the error message, that Apache is
not expecting the 307 Temporary Redirect response and is just reporting it as an
The site still seems to work (possibly because I have "SSLStaplingReturnResponderErrors off"
in the Apache configuration). Or maybe it is failing approximately once an hour when these
redirect responses are received by Apache). No, the Apache access logs report the requests
succeeding at the times of these error messages. And Qualys SSLLabs reports that stapling
is happening so maybe it's OK but I'd like these error messages to stop.
So, any idea why this started happening on 6th February?
Any idea if it'll stop by itself?
Is there anything I can do to make it stop?
Have there been any changes relating to Godaddy's OCSP servers
that could explain this?