Let's Encrypt to Discontinue OCSP Support in 2025
/ 1 min read
🗝️ Let’s Encrypt to End OCSP Support in 2025, Signaling a Shift in Certificate Revocation Practices. The largest Certificate Authority (CA), Let’s Encrypt, has announced it will discontinue support for the Online Certificate Status Protocol (OCSP) in 2025, a move that could significantly impact the SSL/TLS ecosystem. OCSP, used to check if SSL certificates are revoked, has faced criticism for privacy concerns, performance issues, and lack of reliability. Let’s Encrypt’s decision follows years of debate over OCSP’s effectiveness, with alternatives like OCSP Stapling and CRLite being explored. The transition will begin with the failure of OCSP Must-Staple requests in January 2025, culminating in the complete shutdown of OCSP responders by August 2025. This change may disrupt existing expectations and practices surrounding certificate validation.
