Closed: fm4dd closed 2 years ago
An improved workaround script "update-crl.sh" has been created, which is triggered daily through cron. It checks whether a new revocation happened that requires a refresh of the CRL, and publishes the new CRL if needed. New revocations can now become public with a delay of several hours. A higher cron frequency could shorten the time gap. Eventually, a new CRL creation should be triggered directly from the revocation itself, but the current asynchronous batch mode is a decent compromise.
A freshly revoked certificate does not create a new CRL at the time of revocation. The 3-month periodic CRL update (crontab entry) will add all revoked certs to the updated CRL.
As a workaround, manual execution of the crontab command successfully adds all "waiting" revoked certs.
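One way to implement the check that the "update-crl.sh" comment describes, as an added example that is not the project's script: it lists revoked serials that the published CRL does not yet carry and regenerates the CRL only when that list is non-empty. It assumes an OpenSSL `ca`-style `index.txt` database; the function names, file paths and sample serials are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's update-crl.sh.
# Assumption: the CA keeps an OpenSSL "ca"-style index.txt (tab-separated,
# status flag in field 1, serial in field 4, "R" = revoked).
LC_ALL=C; export LC_ALL

# Normalise hex serials: upper case, no leading zeros, sorted, unique.
norm() { tr 'a-f' 'A-F' | sed 's/^0*\(.\)/\1/' | sort -u; }

# Serials the CA database marks as revoked.
revoked_in_db() { awk -F'\t' '$1 == "R" { print $4 }' "$1" | norm; }

# Serials listed in a CRL; stdin is "openssl crl -noout -text" output.
serials_in_crl() { sed -n 's/^ *Serial Number: *//p' | norm; }

# Revoked serials missing from the published CRL ($1 index.txt, $2 CRL text).
pending_revocations() {
    db=$(mktemp); crl=$(mktemp)
    revoked_in_db "$1" > "$db"
    serials_in_crl < "$2" > "$crl"
    comm -23 "$db" "$crl"
    rm -f "$db" "$crl"
}

# Cron entry point (hypothetical paths): regenerate only when something waits.
refresh_if_needed() {   # $1 openssl.cnf, $2 index.txt, $3 published CRL (PEM)
    txt=$(mktemp)
    openssl crl -in "$3" -noout -text > "$txt" || return 2
    waiting=$(pending_revocations "$2" "$txt"); rm -f "$txt"
    [ -z "$waiting" ] && return 0
    openssl ca -config "$1" -gencrl -out "$3.new" && mv "$3.new" "$3"
}

# Constructed sample data: 1002 and 1003 are revoked, the CRL only has 1002.
demo_pending() {
    d=$(mktemp -d)
    printf 'V\t300101000000Z\t\t1001\tunknown\t/CN=a.example\n' > "$d/index.txt"
    printf 'R\t300101000000Z\t250301120000Z\t1002\tunknown\t/CN=b.example\n' >> "$d/index.txt"
    printf 'R\t300101000000Z\t250302090000Z\t1003\tunknown\t/CN=c.example\n' >> "$d/index.txt"
    printf '    Serial Number: 1002\n        Revocation Date: Mar  1 12:00:00 2025 GMT\n' > "$d/crl.txt"
    pending_revocations "$d/index.txt" "$d/crl.txt"
    rm -rf "$d"
}
```

Alerting on a non-empty `pending_revocations` result, in addition to regenerating, makes the gap between a revocation and its publication visible to whoever operates the CA.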