Ending OCSP Support in 2025

Earlier this year we announced our intent to provide certificate revocation information exclusively via Certificate Revocation Lists (CRLs), ending support for providing certificate revocation information via the Online Certificate Status Protocol (OCSP).

In today’s blog post, we’re announcing a timeline for ending OCSP services next year.

Websites and people who visit them will not be affected by this change, but some non-browser software might be. Action will be required for the very small percentage of our subscribers who have manually configured their ACME client to request certificates with the OCSP Must Staple Extension.

Read the full blog post to learn more about why we’re making this change and, if you’re one of those who may be affected, the actions you will need to take before next May.

As previously announced, we will be shutting down our OCSP responders next week, on August 6th.

Our staging OCSP servers are being shut down now.

No subscribers or relying parties should be affected or action needed, as all certificates containing an OCSP AIA URL will be expired before we shut down the relevant OCSP responders.

Our production OCSP servers are going offline now.

They will return an HTTP 410 Gone status for a few days, after which point the DNS names will stop resolving.

No subscribers or relying parties should be affected or action needed, as all certificates containing an OCSP AIA URL are now expired.