diff --git a/certbot-apache/tests/ocsp_prefetch_test.py b/certbot-apache/tests/ocsp_prefetch_test.py
index f9ad569a2..5d90916d7 100644
--- a/certbot-apache/tests/ocsp_prefetch_test.py
+++ b/certbot-apache/tests/ocsp_prefetch_test.py
@@ -93,12 +93,12 @@ class OCSPPrefetchTest(util.ApacheTest):
 
         _, self.tmp_certfile = tempfile.mkstemp()
         self.lineage = mock.MagicMock(cert_path=self.tmp_certfile, chain_path="chain")
-        self.config.parser.modules.add("headers_module")
-        self.config.parser.modules.add("mod_headers.c")
-        self.config.parser.modules.add("ssl_module")
-        self.config.parser.modules.add("mod_ssl.c")
-        self.config.parser.modules.add("socache_dbm_module")
-        self.config.parser.modules.add("mod_socache_dbm.c")
+        self.config.parser.modules["headers_module"] = None
+        self.config.parser.modules["mod_headers.c"] = None
+        self.config.parser.modules["ssl_module"] = None
+        self.config.parser.modules["mod_ssl.c"] = None
+        self.config.parser.modules["socache_dbm_module"] = None
+        self.config.parser.modules["mod_socache_dbm.c"] = None
 
         self.vh_truth = util.get_vh_truth(
             self.temp_dir, "debian_apache_2_4/multiple_vhosts")
@@ -152,10 +152,10 @@ class OCSPPrefetchTest(util.ApacheTest):
 
     @mock.patch("certbot_apache._internal.override_debian.DebianConfigurator.enable_mod")
     def test_ocsp_prefetch_enable_mods(self, mock_enable):
-        self.config.parser.modules.discard("socache_dbm_module")
-        self.config.parser.modules.discard("mod_socache_dbm.c")
-        self.config.parser.modules.discard("headers_module")
-        self.config.parser.modules.discard("mod_header.c")
+        self.config.parser.modules.pop("socache_dbm_module", None)
+        self.config.parser.modules.pop("mod_socache_dbm.c", None)
+        self.config.parser.modules.pop("headers_module", None)
+        self.config.parser.modules.pop("mod_header.c", None)
 
         ref_path = "certbot_apache._internal.override_debian.DebianConfigurator._ocsp_refresh"
         with mock.patch(ref_path):
diff --git a/certbot/certbot/ocsp.py b/certbot/certbot/ocsp.py
index ed04c020b..00c1f2549 100644
--- a/certbot/certbot/ocsp.py
+++ b/certbot/certbot/ocsp.py
@@ -100,7 +100,8 @@ class RevocationChecker(object):
         if not host or not url:
             return False
         if self.use_openssl_binary:
-            return self._check_ocsp_openssl_bin(cert_path, chain_path, host, url, timeout, response_file)
+            return self._check_ocsp_openssl_bin(cert_path, chain_path, host, url,
+                                                timeout, response_file)
         return _check_ocsp_cryptography(cert_path, chain_path, url, timeout, response_file)
 
     def ocsp_times(self, response_file):
@@ -120,7 +121,8 @@ class RevocationChecker(object):
             return _ocsp_times_openssl_bin(response_file)
         return _ocsp_times_cryptography(response_file)
 
-    def _check_ocsp_openssl_bin(self, cert_path, chain_path, host, url, timeout, response_file=None):
+    def _check_ocsp_openssl_bin(self, cert_path, chain_path, host, url, timeout, response_file=None):  # pylint: disable=line-too-long
+
         # type: (str, str, str, str, int, Optional[str]) -> bool
         # Minimal implementation of proxy selection logic as seen in, e.g., cURL
         # Some things that won't work, but may well be in use somewhere: