Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
My client application is attempting to do OCSP cert validation via a Cisco WSA Proxy server (not sure if relevant or not) and the proxy server and client application are not receiving responses from the lets encrypt ocsp responder. (proven with wireshark captures on client PC, and with tcpdump from the proxy server).
This is causing the client application to fail TLS handshake with the www.visitnow.org site.