Do China's GFW allow LetsEncrypt's OCSP servers?
Would there be any problem in using LE certificates in China?
Is there legal formalities that we should be aware of before using LE certificates in China?
If anyone is using LE certificates in China please feel free to share your experience. That would be greatly helpful.
I haven’t heard any complaints of it not working, and certainly Let’s Encrypt has many users inside China. But we haven’t explicitly done testing or monitoring, as we have no operations inside China.
In the past, there have been reports of Let's Encrypt's OCSP servers being blocked in China.
The current OCSP servers are on a different domain name than they were at the time of those reports, and I haven't seen any such reports within the last couple years. Of course, they could start blocking it at any time if they wanted to, and anyone on this forum might not know of it happening.
I think some people do. Some people have found it difficult to get the traffic allowed for the validation attempts from Let's Encrypt's servers.
Of course, some people in other countries (including the US) have trouble getting their ISP's firewalls to cooperate too.