Because nobody seems to have documented this:
If you want to verify that your server is doing OCSP stapling, OpenSSL has you covered. Just run it like this:
```
$ openssl s_client -status -connect mail.startmail.com:443
CONNECTED(00000006)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = startmail.com
verify return:1
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    Produced At: Apr 26 13:21:00 2020 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
      Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
      Serial Number: 03D8BD08D6B2BDD5EDB614264A625DC613D0
    Cert Status: good
    This Update: Apr 26 13:00:00 2020 GMT
    Next Update: May 3 13:00:00 2020 GMT
[...]
```
And that’s it. You just need to add -status to get this output.
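To turn this manual check into something a monitoring job can run, the following added example (not part of the original post) classifies the text printed by `openssl s_client -status`, including the case where the server staples nothing and the case where the staple is outside its validity window. The function name, verdict strings and `SAMPLE` are assumptions made for this illustration; `SAMPLE` is trimmed from the output above.

```python
import re
import sys
from datetime import datetime, timezone

# Constructed sample: the relevant lines of the s_client output shown above.
SAMPLE = """OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good
    This Update: Apr 26 13:00:00 2020 GMT
    Next Update: May 3 13:00:00 2020 GMT
"""

# s_client prints this line when the server sends no stapled response.
NO_STAPLE = "OCSP response: no response sent"
FIELDS = {
    "response_status": r"OCSP Response Status:\s*(\w+)",
    "cert_status": r"Cert Status:\s*(\w+)",
    "this_update": r"This Update:\s*(.+)",
    "next_update": r"Next Update:\s*(.+)",
}

def _parse_time(text):
    # OpenSSL prints times like "Apr 26 13:00:00 2020 GMT"
    parsed = datetime.strptime(text.strip(), "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def check_staple(output, now=None):
    """Return (verdict, fields) for `openssl s_client -status` output."""
    now = now or datetime.now(timezone.utc)
    if NO_STAPLE in output:
        return "no-staple", {}
    fields = {k: m.group(1).strip() for k, p in FIELDS.items()
              if (m := re.search(p, output))}
    if "response_status" not in fields:
        return "unparseable", fields
    if fields["response_status"] != "successful":
        return "not-successful", fields
    if fields.get("cert_status") != "good":
        return "not-good", fields
    try:  # a staple without both timestamps is treated as unparseable here
        start, end = _parse_time(fields["this_update"]), _parse_time(fields["next_update"])
    except (KeyError, ValueError):
        return "unparseable", fields
    if not start <= now <= end:
        return "stale", fields
    return "good", fields

if __name__ == "__main__":
    verdict, info = check_staple(sys.stdin.read())
    print(verdict, info)
    sys.exit(0 if verdict == "good" else 1)
```

Pipe the `s_client` output into the script; it exits non-zero for anything other than a fresh, successful, `good` staple. It only reads the printed text and does not itself validate the OCSP response signature.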