Can LetsEncrypt certificates be used in China domains?

Do China's GFW allow LetsEncrypt's OCSP servers?
Would there be any problem in using LE certificates in China?
Is there legal formalities that we should be aware of before using LE certificates in China?

If anyone is using LE certificates in China please feel free to share your experience. That would be greatly helpful.

3 Likes

I haven’t heard any complaints of it not working, and certainly Let’s Encrypt has many users inside China. But we haven’t explicitly done testing or monitoring, as we have no operations inside China.

8 Likes

In the past, there have been reports of Let's Encrypt's OCSP servers being blocked in China.

The current OCSP servers are on a different domain name than they were at the time of those reports, and I haven't seen any such reports within the last couple years. Of course, they could start blocking it at any time if they wanted to, and anyone on this forum might not know of it happening.

I think some people do. Some people have found it difficult to get the traffic allowed for the validation attempts from Let's Encrypt's servers.

Of course, some people in other countries (including the US) have trouble getting their ISP's firewalls to cooperate too. :wink:

7 Likes

this is a test website includs many monitor different places in China.
you can check how many provinc block Letsencrypt in china.

2 Likes

Thanks. I used this site to test our API, CRL, and OCSP domains. It appears they're all available from all provinces.

8 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.