Do not pass OCSP stapling failures to client.
CA's OCSP servers occionally fail, propagating an error is undesireable and causes Firefox and other clients by default to reject the connection.
<% if node[:lsb][:release].to_f >= 14.04 -%>
SSLUseStapling On
<% if node[:lsb][:release].to_f >= 14.04 -%>
SSLUseStapling On
+SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
<% end -%>
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
<% end -%>