Godaddy's OCSP server now behind Sucuri cloud proxy broke my server
On Friday, my website completely broke. It turns out that, even though I had once been assured by Godaddy's helpdesk that the IP addresses of Godady's OCSP servers would not change their IP addresses, they are now being protected by Sucuri's cloud proxy / WAF.
That's really anoying. I don't want my web server to be able to make outgoing HTTP connections to any IP address. I want its firewall to restrict outgoing connections to only those few IP addresses that it requires to function (so as to make life unpleasant for hackers should it ever be compromised). Now that I don't know what IP addresses are needed for OCSP, I either have to weaken its firewall or stop doing OCSP stapling.
The fact that Godaddy had a fixed list of OCSP server IP addresses was the only reason I hadn't switched to letsencrypt.
I have a question: Is the original list of OCSP server IP addresses still accurate? i.e. Could I override the IP address for ocsp.godaddy.com in my /etc/hosts file to one of:
For this type of information, you will have to contact phone support or live chat.
If you're on a shared server, your best bet is to purchase a VPS or Dedicated Server so you can control the environment completely.
I am a GoDaddy End User - Just Like You * Please note that I offer free advice on this forum. I DO NOT answer private messages. Please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *
Once your issue is resolved, please be sure to come back and click accept for the solution