Schedule published: Let's Encrypt abolishes OCSP certificate verification

The protocol for real-time validity checking has data protection problems. The world's largest CA is now replacing it with certificate revocation lists.


Let's Encrypt, the largest certification authority with over 387 million valid certificates, is moving away from the Online Certificate Status Protocol (OCSP). The CA (Certificate Authority) has now announced the specific timetable for the changeover in its blog. By the end of January 2025, Let's Encrypt will refuse to issue certain certificates and by May at the latest, the well-known certificate revocation lists (CRLs) will once again be omnipresent.

Its developers had designed OCSP as a technically advanced replacement for the unwieldy revocation lists. The purpose of both solutions is the same: certificates that have been revoked by the CA due to loss of key material, misuse or incorrect issuance must not be accepted as valid by browsers. OCSP required web browsers to ask the CA for the status of the certificate presented each time an encrypted connection was established.


This not only caused load problems for the certification authorities (OCSP responders were notoriously overloaded and unstable), but also raised data protection issues. By evaluating OCSP requests, certification authorities, including public authorities and government organizations, were able to log surfing behaviour quite accurately. A protocol add-on called "OCSP Stapling", in which the web server fetches the OCSP response itself and sends it along with the certificate so that the browser never has to contact the CA, eliminated this difficulty, but did not catch on with browser manufacturers.

The "Let's Encrypt" CA was launched with OCSP support and originally had no plans to support CRLs. However, the operators revised this assessment in 2022 – and revocation lists will soon once again be the only mechanism available for status checks.

From May 7, 2025, every certificate issued by Let's Encrypt will contain the URLs of the revocation list, but no longer those of the OCSP responder. Requests for certificates that ask for the OCSP Must-Staple extension will also be rejected outright. The OCSP servers will then go offline on August 6.

The announcement comes as no surprise. Let's Encrypt had already broken away from OCSP in July 2024, but had not yet given a timetable with concrete steps. Last year, the CA/Browser Forum downgraded OCSP to optional and made CRLs a mandatory mechanism with a rule change, and two years ago Apple and Mozilla had already campaigned for the return of CRLs.

For administrators and software developers, the specific timetable means that they should check their tools for automatic certificate requests before the end of the year and update them if necessary. "certbot", the command line program for certificate management on many Linux systems, does support the "OCSP Must-Staple" extension, but does not use it in its default configuration. Home-grown automation may behave differently, and system administrators should take a close look at it.
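The check an administrator would want here, written as an added example (it is not code from the article, from certbot or from Let's Encrypt), is a way to look at already-issued certificates and see which of the three things discussed above they carry: an OCSP responder URL in the Authority Information Access extension, a CRL Distribution Points extension, and the TLS Feature extension that encodes "OCSP Must-Staple". The script below uses only the Python standard library and a small DER walker, so it runs offline on a PEM or DER file; when started without a file argument it inspects a constructed sample extension set whose URLs are placeholders, not real Let's Encrypt endpoints.

```python
"""Report which revocation-related X.509 extensions a certificate carries.

Usage: python cert_revocation_info.py server.pem   (PEM or DER accepted)
Without an argument, a constructed sample (placeholder URLs) is inspected.
Standard library only; extension values are found by walking the DER
encoding and collecting object identifiers and URI strings.
"""
import base64
import re
import sys

OID_TLS_FEATURE = "1.3.6.1.5.5.7.1.24"   # TLS Feature extension (RFC 7633), i.e. OCSP Must-Staple
OID_AIA = "1.3.6.1.5.5.7.1.1"            # Authority Information Access
OID_AD_OCSP = "1.3.6.1.5.5.7.48.1"       # id-ad-ocsp access method inside AIA
OID_CRL_DP = "2.5.29.31"                 # CRL Distribution Points


def _read_length(der, pos):
    """Decode a DER length at der[pos]; return (length, position after it)."""
    first = der[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length encoding")
    return int.from_bytes(der[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def _decode_oid(content):
    """Turn the base-128 content of an OBJECT IDENTIFIER into dotted form."""
    parts, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(value)
            value = 0
    if not parts:
        raise ValueError("empty OID")
    first = parts[0]  # the first two arcs are packed into one value
    arcs = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + parts[1:])


def walk(der, pos=0, end=None, found=None):
    """Recursively walk DER TLVs, collecting every OID and every URI/IA5String.
    OCTET STRING contents are descended into too, because X.509 extension
    values are DER wrapped in an OCTET STRING; non-DER octet strings
    (key identifiers etc.) are simply skipped when they fail to parse."""
    end = len(der) if end is None else end
    found = {"oids": [], "strings": []} if found is None else found
    while pos < end:
        tag = der[pos]
        length, pos = _read_length(der, pos + 1)
        content_end = pos + length
        if content_end > end:
            raise ValueError("truncated DER")
        if tag & 0x20:                      # constructed: SEQUENCE, SET, [n] ...
            walk(der, pos, content_end, found)
        elif tag == 0x06:                   # OBJECT IDENTIFIER
            found["oids"].append(_decode_oid(der[pos:content_end]))
        elif tag == 0x04:                   # OCTET STRING: extension values live here
            try:
                walk(der, pos, content_end, found)
            except (ValueError, IndexError):
                pass
        elif tag in (0x16, 0x86):           # IA5String or GeneralName [6] uniformResourceIdentifier
            found["strings"].append(der[pos:content_end].decode("ascii", "replace"))
        pos = content_end
    return found


def revocation_info(der):
    """Summarise the revocation-related extensions present in a DER blob."""
    found = walk(der)
    oids = set(found["oids"])
    return {
        "must_staple": OID_TLS_FEATURE in oids,
        "ocsp_url": OID_AD_OCSP in oids,
        "crl_dp": OID_CRL_DP in oids,
        "urls": [s for s in found["strings"] if s.startswith("http")],
    }


def load_certificate(data):
    """Accept PEM or DER bytes and return DER."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data


# --- minimal DER encoder, used only to build the constructed sample below ---
def tlv(tag, content):
    if len(content) >= 128:
        raise ValueError("sample builder supports short-form lengths only")
    return bytes([tag, len(content)]) + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for v in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.append(0x80 | (v & 0x7F))
            v >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def sample_extensions(must_staple=True, ocsp=True):
    """Constructed Extensions SEQUENCE (placeholder URLs, not real CA endpoints):
    CRL DP always present; AIA with OCSP URL and TLS Feature {status_request=5} optional."""
    uri = lambda s: tlv(0x86, s.encode())
    ext = tlv(0x30, encode_oid(OID_CRL_DP) + tlv(0x04, tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0,
              uri("http://crl.example.test/r1.crl")))))))
    if ocsp:
        ext += tlv(0x30, encode_oid(OID_AIA) + tlv(0x04, tlv(0x30, tlv(0x30,
               encode_oid(OID_AD_OCSP) + uri("http://ocsp.example.test")))))
    if must_staple:
        ext += tlv(0x30, encode_oid(OID_TLS_FEATURE) + tlv(0x04, tlv(0x30, tlv(0x02, b"\x05"))))
    return tlv(0x30, ext)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            der = load_certificate(f.read())
    else:
        der = sample_extensions()
    for key, value in revocation_info(der).items():
        print(f"{key}: {value}")
```

A certificate that reports `must_staple: True` was requested with the extension the timetable above rejects, so the automation that produced it needs adjusting; `ocsp_url` and `crl_dp` show which status mechanism a given certificate points clients at. The walker is a heuristic rather than a full X.509 parser: it reports OIDs wherever they occur in the encoding, which is sufficient for these three extensions but is not a substitute for a proper ASN.1 library in anything that makes trust decisions.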

(cku)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.