OK, easy enough to reproduce.
I think that Sectigo’s OCSP response is correct; it’s just that Certbot’s OCSP client does not fully implement the OCSP standard.
In a Basic Response, the ResponderID may either be a name or a public key hash. Certbot only supports responses with a name, but Sectigo uses the other method.
I have filed an issue with the Certbot project (https://github.com/certbot/certbot/issues/7986), but for now, it’s worth noting that the issue is non-critical - it does not affect renewal or your ability to issue certificates. It just means that Certbot will, for now, fail to check whether your certificate is revoked.
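To illustrate the two ResponderID forms described above, here is an added example (not part of the original post and not Certbot's code) that reads the ResponderID from a DER-encoded ResponseData, following the RFC 6960 definition, and matches it against a candidate responder by name or by SHA-1 key hash. The function names and the sample bytes are constructed for this illustration.

```python
import hashlib

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element at buf[off]."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def responder_id(response_data):
    """Return ('name', name_der) or ('key', sha1_hash) from DER ResponseData."""
    tag, body, _ = read_tlv(response_data)
    if tag != 0x30:
        raise ValueError("ResponseData must be a SEQUENCE")
    tag, value, nxt = read_tlv(body)
    if tag == 0xA0:  # optional [0] version field precedes the ResponderID
        tag, value, nxt = read_tlv(body, nxt)
    if tag == 0xA1:  # byName [1]: wraps the responder's X.501 Name
        return "name", value
    if tag == 0xA2:  # byKey [2]: wraps an OCTET STRING holding a SHA-1 hash
        inner_tag, key_hash, _ = read_tlv(value)
        if inner_tag != 0x04 or len(key_hash) != 20:
            raise ValueError("malformed KeyHash")
        return "key", key_hash
    raise ValueError("unknown ResponderID choice")

def responder_matches(response_data, subject_name_der, public_key_bits):
    """public_key_bits: subjectPublicKey contents, without tag and length."""
    kind, value = responder_id(response_data)
    if kind == "name":
        return value == subject_name_der
    return value == hashlib.sha1(public_key_bits).digest()

def tlv(tag, value):  # encoder for the short constructed samples below
    return bytes([tag, len(value)]) + value

# Constructed sample data: a placeholder key, a one-attribute Name, and two
# ResponseData structures with empty response lists.
KEY_BITS = b"constructed-public-key-bytes"
CN = tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example Responder")
NAME = tlv(0x30, tlv(0x31, tlv(0x30, CN)))
TAIL = tlv(0x18, b"20200101000000Z") + tlv(0x30, b"")
BY_KEY = tlv(0x30, tlv(0xA2, tlv(0x04, hashlib.sha1(KEY_BITS).digest())) + TAIL)
BY_NAME = tlv(0x30, tlv(0xA1, NAME) + TAIL)
```

Matching the ResponderID only selects which certificate's key to use; the response signature still has to be verified against that key.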