Yep very nice. In mod_status you can see :
Managed StaplingsDomainCertificate IDOCSP StatusStapling
ValidResponderActivitydomain.com3ff13e35fbe9d1ce4bcafbc3fd2ccd6ff5079eca
gooduntil 2020-04-03ocsp.int-x3.letsencrypt.orgRefresh in ~3 days
Try in global conf:
<MDomain domain.com www.domain.com ......>
MDCertificateFile conf/domain.com-chain.pem
MDCertificateKeyFile conf/domain.com-key.pem
MDStapling on
</MDomain>
MDMessageCmd c:/apache24/bin/MDMessageCmd.bat
MDNotifyCmd c:/apache24/bin/MDNotifyCmd.bat
And Remove the directives
SSLCertificateFile .....chain.pem
SSLCertificateKeyFile ......key.pem
See in the Readme.md the above directives.
The info is stored in MDStoreDir/ocsp
On Friday 27/03/2020 at 11:25, Marek Svent wrote:
Hi,
From 2.4 changelog I read that from next 2.4 release it's possible to
use mod_md OCSP stapling even for certificates not managed by mod_md.
It's very welcome as there is too many problems with mod_ssl stapling
code. However it's not clear for me how this could be configured.
I have many virtual hosts and none of the certificates is managed by
mod_md. However I'd like to switch to mod_md for stapling, but
continue to control per virtual host whether to staple at all. How do
I configure this?
Also it's unclear where stapling information is stored. MDStoreDir?
Regards,
--
Marek
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
