Nobody needs ocsp or clr in their homelab. And if they’re a trained netsec professional they know that its far better with short-lived certs than any revocation model.
Both zerossl and letsencrypt are easy to use - and works flawlessly with something like caddy on a wildcard domain, or an acme proxy.
Openssl is easy, and you can clr with that or even use their ocsp for homelab.
