OCSP Status
developer/v1/domain/ocspChecks the OCSP (Online Certificate Status Protocol) revocation status for a domain's SSL certificate. Note: OCSP is being deprecated industry-wide — Let's Encrypt ended OCSP support in August 2025, shifting to CRL-based revocation per RFC 5280. Many CAs still support OCSP, making this check valuable for transition monitoring.
What It Does
Performs a TLS handshake to verify the certificate is trusted by Cloudflare's TLS stack, then identifies the CA's OCSP responder URL from known issuer patterns. Detects whether the CA has deprecated OCSP (e.g., Let's Encrypt since August 2025). Note: Direct OCSP queries and stapling detection are not available in this environment. For full revocation checking, use Qualys SSL Labs or a dedicated OCSP client.
Why It's Useful
Certificate revocation checking is in transition. With Let's Encrypt and other CAs moving from OCSP to CRL-based revocation, this endpoint helps identify which domains still rely on OCSP responders and which have transitioned. OCSP stapling verification remains relevant for servers that still support it.
Use Cases
Certificate Revocation Monitoring
Monitor certificate revocation status to detect compromised or misissued certificates.
Detect certificate revocation before it causes user-facing issues.
Performance Optimization
Verify OCSP stapling is enabled to reduce TLS handshake latency.
Improve TLS performance by confirming stapling configuration.
OCSP Deprecation Assessment
Audit which domains still depend on OCSP responders versus CRL-based revocation in a post-Let's Encrypt OCSP world.
Plan certificate revocation strategy as the industry transitions away from OCSP.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to check OCSP status forExample: example.com |
port | number | Optional | Port to connect to (default: 443)Example: 443 |
Response Fields
| Field | Type | Description |
|---|---|---|
domain | string | The queried domain |
port | number | The port used for connection |
tlsVerified | boolean | Whether the TLS handshake succeeded (certificate trusted by Cloudflare) |
ocspResponder | string | null | OCSP responder URL for this CA (null if unknown or deprecated) |
ocspDeprecated | boolean | Whether this CA has deprecated OCSP (e.g., Let's Encrypt since Aug 2025) |
note | string | Human-readable explanation of the check result |
limitations | array | Environment limitations for this check |
Code Examples
curl "https://api.edgedns.dev/v1/domain/ocsp" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "domain=example.com"const response = await fetch(
'https://api.edgedns.dev/v1/domain/ocsp?domain=example.com',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/domain/ocsp',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'domain': 'example.com'
}
)
data = response.json()
print(data)Read the full OCSP Status guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.