I have created a https CRL in both DER and PEM format, but it looks like openssl isn’t even attempting to reach out to my distribution point to get the CRL. Both the int and root ca issuers are trusted on my server. I am able to curl the CRL and verify it using OpenSSL with the commands below (depending on whether it is in DER or PEM format):