Let's Encrypt Shuts Down OCSP, Prioritizes Privacy with CRLs

2025-09-15

Let's Encrypt has officially discontinued its Online Certificate Status Protocol (OCSP) service, shifting exclusively to Certificate Revocation Lists (CRLs) for revocation information. This move prioritizes user privacy, because OCSP requests reveal users' IP addresses as they access websites. Let's Encrypt stopped including OCSP URLs in certificates over 90 days ago; all certificates containing them have now expired. Discontinuing OCSP also simplifies Let's Encrypt's CA infrastructure, improving efficiency and reliability. At its peak, Let's Encrypt's OCSP service handled approximately 340 billion requests per month. Thanks to Akamai for generously donating CDN services for OCSP to Let's Encrypt for the past ten years.
