See the current partial service disruption:
Our delegated OCSP signing certificate ‘OCSP Root-X1’ has expired, causing OCSP validation errors for TLS clients building chains to ISRG Root X1.
(No direct link for source except https://letsencrypt.status.io/ at the moment.)
I’m quite interested to read the post mortem analysis. How could this have happened?
Also, and more the reason for this thread — anyone got statistics on how many users could be affected by this? It only affects sites/services which are chaining to the ISRG root, so only custom configured sites/services are affected. And also only users/clients which are actually requesting OCSP queries for the intermediate certificated are obviously affected?
Anyone would like to take hit at a ballpark guess?