From 6be87e63a7f437cb63316e15bc42281b8f75633a Mon Sep 17 00:00:00 2001
From: Brad Warren <bmw@eff.org>
Date: Wed, 20 May 2020 14:36:20 -0700
Subject: [PATCH] undo extra change

---
 certbot/certbot/ocsp.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/certbot/certbot/ocsp.py b/certbot/certbot/ocsp.py
index 24cde7230..f879ac8b5 100644
--- a/certbot/certbot/ocsp.py
+++ b/certbot/certbot/ocsp.py
@@ -85,6 +85,8 @@ class RevocationChecker(object):
         :returns: True if revoked; False if valid or the check failed or cert is expired.
         :rtype: bool
         """
+        if self.broken:
+            return False
 
         # Let's Encrypt doesn't update OCSP for expired certificates,
         # so don't check OCSP if the cert is expired.
@@ -93,9 +95,6 @@ class RevocationChecker(object):
         if crypto_util.notAfter(cert_path) <= now:
             return False
 
-        if self.broken:
-            return False
-
         url, host = _determine_ocsp_server(cert_path)
         if not host or not url:
             return False