diff --git a/certbot/certbot/ocsp.py b/certbot/certbot/ocsp.py index 24cde7230..f879ac8b5 100644 --- a/certbot/certbot/ocsp.py +++ b/certbot/certbot/ocsp.py @@ -85,6 +85,8 @@ class RevocationChecker(object): :returns: True if revoked; False if valid or the check failed or cert is expired. :rtype: bool """ + if self.broken: + return False # Let's Encrypt doesn't update OCSP for expired certificates, # so don't check OCSP if the cert is expired. @@ -93,9 +95,6 @@ class RevocationChecker(object): if crypto_util.notAfter(cert_path) <= now: return False - if self.broken: - return False - url, host = _determine_ocsp_server(cert_path) if not host or not url: return False
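Review bot: The `if self.broken: return False` guard now at the top of the method makes an unusable checker answer "not revoked" before anything else runs, and nothing at that line says this is a deliberate fail-open. The docstring's `:returns:` line mentions "the check failed", but a broken checker never attempts the check, so a caller or log reader cannot tell a skipped revocation check from a valid certificate. I would add a comment above the guard, e.g. `# Fail open: a broken checker cannot query OCSP, so report "not revoked" instead of blocking.` If the place where `self.broken` is set (outside this hunk) does not already log the condition, a debug-level message there would make the skipped check visible. The method's signature and the rest of its body lie outside the hunk.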