OCSP support disabled by Let's Encrypt

Sill, Alan

Aug 25, 2025, 11:21:50 AM
to All IGTF Members (igtf-general), Sill, Alan
FYI. I don’t see any immediate impact on the use of CRLs for Let’s Encrypt certificates where these are used, but wanted to see if others have thought about this further. This mostly seems a browser issue.

More at the link below.

Alan


"In July 2024, Let's Encrypt, the nonprofit TLS certificate authority (CA), announced that it would be ending support for the online certificate status protocol (OCSP), which is used to determine when a server's signing certificate has been revoked. This prevents a compromised key from being used to impersonate a web server. The organization cited privacy concerns, and recommended that people rely on certificate revocation lists (CRLs) instead. On August 6, Let's Encrypt followed through and disabled its OCSP service. This poses a problem for Linux systems that must now rely on CRLs because, unlike on other operating systems, there is no standardized way for Linux programs to share a CRL cache."

