Hey, it took a while and I’ve updated to haproxy 2.8.4 and current openssl and problem resolved itself. I don’t have startup error anymore and I am able to run both command update ssl ocsp-response and show ssl ocsp-updates via API. I can see that now I have ‘HTTP error’ on ocsp update attempts.
This particular server instance does not have direct internet http connection capabilities and all traffic goes via proxy.local server. Is there a way to tell haproxy to make this update ssl ocsp-response request to go via proxy server?