Let’s Encrypt is phasing out Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) due to privacy concerns and resource efficiency. While this change may not affect websites and visitors, some non-browser software may be impacted. CRLs do not expose user IP addresses like OCSP does, making them a more secure option. The decision aligns with new industry standards that no longer require publicly trusted CAs to provide OCSP services. Let’s Encrypt plans to shut down its OCSP services within the next six to twelve months, encouraging users to transition away from OCSP reliance. Stay updated through their API Announcements category on Discourse.
https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html