Steffen described the way to do it where you get the most benefits (thanks!). However, you not need to declare "MDomain"s for all your certificates. You can also just configure MDStapling on and *all* the certificates in your Apache will be stapled by mod_md. more details: see <https://github.com/icing/mod_md#how-to-staple-all-my-certificates> Cheers, Stefan > Am 28.03.2020 um 11:28 schrieb Steffen <info@xxxxxxxxxxxxxxxx.INVALID>: > > Yep very nice. In mod_status you can see : > > Managed Staplings > > Domain Certificate ID OCSP Status Stapling Valid Responder Activity > domain.com 3ff13e35fbe9d1ce4bcafbc3fd2ccd6ff5079eca good until 2020-04-03 ocsp.int-x3.letsencrypt.org Refresh in ~3 days > > Try in global conf: > > <MDomain domain.com www.domain.com ......> > MDCertificateFile conf/domain.com-chain.pem > MDCertificateKeyFile conf/domain.com-key.pem > MDStapling on > </MDomain> > > MDMessageCmd c:/apache24/bin/MDMessageCmd.bat > MDNotifyCmd c:/apache24/bin/MDNotifyCmd.bat > > And Remove the directives > > SSLCertificateFile .....chain.pem > SSLCertificateKeyFile ......key.pem > > See in the Readme.md the above directives. > > The info is stored in MDStoreDir/ocsp > > On Friday 27/03/2020 at 11:25, Marek Svent wrote: >> Hi, >> >> From 2.4 changelog I read that from next 2.4 release it's possible to >> use mod_md OCSP stapling even for certificates not managed by mod_md. >> It's very welcome as there is too many problems with mod_ssl stapling >> code. However it's not clear for me how this could be configured. >> >> I have many virtual hosts and none of the certificates is managed by >> mod_md. However I'd like to switch to mod_md for stapling, but >> continue to control per virtual host whether to staple at all. How do >> I configure this? >> >> Also it's unclear where stapling information is stored. MDStoreDir? >> >> Regards, >> >> -- >> Marek >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx