Just noticed this Let’s Encrypt post about it ending OCSP support in 2025:
Does this affect Trellis (nginx with OCSP), or are no configuration changes needed and it will simply fail gracefully when support ends?
Let’s Encrypt email expiration notifications will also end this year in June 2025: Ending Support for Expiration Notification Emails - Let's Encrypt. Was reading https://roots.io/trellis/docs/ssl/#setting-the-contact-email and remembered the article by LE.
I don’t think Trellis would face any issues/interruptions once LE’s OCSP responders are gone. However, I will remove OCSP stapling support in Trellis in the meantime because it will basically be useless.
It might still be useful for other SSL certificate providers, but I don’t think it’s worth keeping around for that tiny percentage, and apparently OCSP doesn’t provide much value for browser clients anyway (and has a privacy risk according to LE).
I assume this means there’s no point in registering a contact email at all anymore. That was probably the only purpose for it and it seems they won’t be collecting emails.
Removing it should be pretty easy. Thanks for the update!