I can’t tell why neither Chrome nor Edge check the revocation status, but Firefox is right. The certificate was revoked on Nov. 5 since GoDaddy believes that has stopped operations.

How to check revocation manually

  1. Save the certificate of to the file site.cer, and the issuer’s certificate to the file gd1.cer

  2. Obtain the URL to OCSP service:

openssl x509 -noout -ocsp_uri -in site.cer


  1. Check OCSP status:
openssl ocsp -issuer gd1.cer -cert site.cer -text -url

(shortened) output:

OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2
    Produced At: Nov  6 20:11:53 2020 GMT
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: B6080D5F6C6B76EB13E438A5F8660BA85233344E
      Issuer Key Hash: 40C2BD278ECC348330A233D7FB6CB3F0B42C80CE
      Serial Number: 54FC3E8F69D995CF
    Cert Status: revoked
    Revocation Time: Nov  5 20:08:54 2020 GMT
    Revocation Reason: cessationOfOperation (0x5)

The last threee lines tell us: the certificate was revoked on Nov 5, the reason is “cessation of operations” (code 0x5)

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top