Remove OCSP warnings #327
Comments
mholt
added
discussion
|
Well, there are already public certs that don't support OCSP. That is the point of the warning: we can't automatically replace a certificate that has been revoked if it doesn't have OCSP. So it is beneficial to warn the user when that is the case. |
|
CRL URLs? Maybe only warn if there is neither a OCSP URL nor a CRL URL? |
|
Caddy doesn't use CRLs though. (It's infeasible AFAIK.) So there's no benefit to warning, since it's not an expected feature or function of Caddy. |
|
Ok. But then in 3 months, there will be warnings when using Let's Encrypt all over since OCSP is no longer supported. That's why I think it would be a good idea to allow to disable the unavoidable warnings. |
|
I'll give this some thought. I don't want to induce "warning fatigue", but I also want users to know when they use a CA that does not support a critical privacy feature. |
What would you like to have changed?
Let's Encrypt will stop supporting OCSP ( https://letsencrypt.org/2024/12/05/ending-ocsp/ ), so there should be an option to disable the warnings or the warnings should be completely removed or downgraded to debug.
The text was updated successfully, but these errors were encountered: