Sorry, but we are still seeing the 503s (based in Germany). On the bright side, I am no longer able to replicate this on the cli Maybe I did not try hard enough (a few hundret requests)?
At first I restarted nginx, then I started playing with the nameservers (originaly we where using 126.96.36.199).
Google currently resolves ocsp.int-x3.letsencrypt.org to
… while my local ISP gives me…
Tcpdump was able to get me some references for/from Akamai:
Side Note 1: Browsing through the log, the times of the 503s seem to be “clustered” together.
Side Note 2: The “timeout thing” did not affect us, only 503.
Currently I am still hoping this might be a DNS issue but I seriously doubt it.