← Certainly LLC cases
Bugzilla #1771238 Certificate Problem Report

Certainly: Serving Expired OCSP Responses

RESOLVED FIXED Certainly LLC
AI Summary

Certainly LLC experienced an incident where expired OCSP responses were being served due to a failure in their OCSP updater service. The issue was traced back to a configuration change made during a Boulder release, which caused the updater to panic and stop generating new responses. The problem was identified on May 24, 2022, and was resolved by rolling back to a previous Boulder release on May 25, restoring normal service. A total of approximately 10,647 certificates were affected during the downtime. The CA has since implemented a remediation plan to enhance monitoring and prevent future occurrences.

Model: gpt-4o-mini Generated: 2026-06-13 21:26 UTC Confidence: 0.95
Chronology
  1. OCSP updater service begins to panic.
  2. Incident declared after expired OCSP responses were discovered.
  3. Service restored after rolling back Boulder to a prior release.
Participants
Wayne Thayer Aaron Gable Brett Wilson
External References
Original Bugzilla Case
Similar Local Cases
#1900129 RESOLVED Certificate Problem Report Opened 2024-05-31 · Closed 2024-06-28 · 71% similar
Certainly: Serving invalid or incomplete CRLs
AI Summary CA Owner
#1798053 RESOLVED Certificate Problem Report Opened 2022-10-28 · Closed 2023-02-22 · 64% similar
Certainly: Serving Bad OCSP Responses
AI Summary CA Owner
#1954889 RESOLVED Certificate Problem Report Opened 2025-03-19 · Closed 2025-03-28 · 60% similar
Certainly: Early CRL Entry Removal
AI Summary CA Owner
#1753123 RESOLVED Certificate Problem Report Opened 2022-02-01 · Closed 2023-01-04 · 60% similar
Let's Encrypt: Failure to provide OCSP Responses for some certificates
AI Summary CA Owner
#1752452 RESOLVED Certificate Problem Report Opened 2022-01-28 · Closed 2023-02-22 · 59% similar
Certainly: TLS Using ALPN TLS Version and OID
AI Summary CA Owner
#1809382 RESOLVED Certificate Problem Report Opened 2023-01-10 · Closed 2023-09-29 · 58% similar
CFCA: Certificate with wrong crlDistributionPoints
AI Summary CA Owner
#1838667 RESOLVED Certificate Problem Report Opened 2023-06-15 · Closed 2023-07-05 · 56% similar
Let's Encrypt: Duplicate Serial Numbers
AI Summary CA Owner
#1729567 RESOLVED Certificate Problem Report Opened 2021-09-07 · Closed 2023-02-22 · 55% similar
Let's Encrypt: Delay updating OCSP responses
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action