cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
Highlighted
New

Godaddy's OCSP server now behind Sucuri cloud proxy broke my server

Hi,

 

On Friday, my website completely broke. It turns out that, even though I had once been assured by Godaddy's helpdesk that the IP addresses of Godady's OCSP servers would not change their IP addresses, they are now being protected by Sucuri's cloud proxy / WAF.

 

That's really anoying. I don't want my web server to be able to make outgoing HTTP connections to any IP address. I want its firewall to restrict outgoing connections to only those few IP addresses that it requires to function (so as to make life unpleasant for hackers should it ever be compromised). Now that I don't know what IP addresses are needed for OCSP, I either have to weaken its firewall or stop doing OCSP stapling.

 

The fact that Godaddy had a fixed list of OCSP server IP addresses was the only reason I hadn't switched to letsencrypt.

 

I have a question: Is the original list of OCSP server IP addresses still accurate? i.e. Could I override the IP address for ocsp.godaddy.com in my /etc/hosts file to one of:

 

  72.167.18.239

  72.167.239.239

  188.121.36.239

  182.50.136.239

  50.63.243.230

 

Or are those IP addresses now incorrect and are the OCSP servers themselves at unpredictable IP addresses? That list came from https://au.godaddy.com/help/verifying-a-certificates-validity-on-your-computer-6723 which no longer seems to be present.

 

Thanks.

1 REPLY 1
Super User III
Super User III
Solution

Re: Godaddy's OCSP server now behind Sucuri cloud proxy broke my server

@arf 

 

For this type of information, you will have to contact phone support or live chat.

 

If you're on a shared server, your best bet is to purchase a VPS or Dedicated Server so you can control the environment completely.



I am a GoDaddy End User - Just Like You
* Please note that I offer free advice on this forum. I DO NOT answer private messages. Please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community