From 01b2bfdc4918d8e778241da833f207019345d07d Mon Sep 17 00:00:00 2001
From: Brad Warren <bmw@eff.org>
Date: Thu, 30 Apr 2020 17:12:49 -0700
Subject: [PATCH] Check cert_path before using it.

---
 .../certbot_apache/_internal/prefetch_ocsp.py       | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py b/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py
index 65e754707..bc93d7aec 100644
--- a/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py
+++ b/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py
@@ -150,14 +150,13 @@ class OCSPPrefetchMixin(object):
         """
 
         self._ensure_ocsp_dirs()
+        if not os.path.isfile(cert_path):
+            raise OCSPCertificateError("Certificate has been removed from the system.")
+        ocsp_workfile = os.path.join(
+            os.path.dirname(self._ocsp_work),
+            apache_util.certid_sha1_hex(cert_path))
+        handler = ocsp.RevocationChecker()
         try:
-            ocsp_workfile = os.path.join(
-                os.path.dirname(self._ocsp_work),
-                apache_util.certid_sha1_hex(cert_path))
-            handler = ocsp.RevocationChecker()
-            if not os.path.isfile(cert_path):
-                raise OCSPCertificateError("Certificate has been removed from the system.")
-
             if not handler.ocsp_revoked_by_paths(cert_path, chain_path, 10, ocsp_workfile):
                 # Guaranteed good response
                 cert_sha = apache_util.certid_sha1(cert_path)