I receive the occasional “ocsp.int-x3.letsencrypt.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org” error. After reviewing the previous topics related to this in the Community Forum, I ascertained that none of the issues/solutions were pertinent to the problem.
Investigating further using DNS Viz, I found there are multiple issues, 2 errors and 7 warnings. See link.
The two errors are:
ocsp.int-x3.letsencrypt.org.edgesuite.net/CNAME: A query for ocsp.int-x3.letsencrypt.org.edgesuite.net results in a NOERROR response, while a query for its ancestor, org.edgesuite.net, returns a name error (NXDOMAIN), which indicates that subdomains of org.edgesuite.net, including ocsp.int-x3.letsencrypt.org.edgesuite.net, don’t exist. (126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 2600:1401:1::40, 2600:1401:2::2, 2600:1408:1c::40, 2600:1480:1::40, 2600:1480:800::40, 2600:1480:b000::40, 2a02:26f0:117::40, UDP_0_EDNS0_32768_4096)
org/DNSKEY: No response was received from the server over UDP (tried 4 times). (2001:500:b::1, UDP_0_EDNS0_32768_512)
The warnings, which can be seen in detail at the link above, relate to UDP payload size, missing AAAA glue records and NS names found in the authoritative NS RRset, but not in the delegation NS RRset.
Perhaps the errors I see on occasion may relate to these problems. Thought someone might want to investigate.