My domain is: office.pc-tiede.de
I ran this command:
ping -6 ocsp.int-x3.letsencrypt.org
It produced this output:
PING ocsp.int-x3.letsencrypt.org(g2a02-26f0-00e7-0000-0000-0000-5f65-48c0.deploy.static.akamaitechnologies.com (2a02:26f0:e7::5f65:48c0)) 56 data bytes
^C
--- ocsp.int-x3.letsencrypt.org ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 202ms
A traceroute yields “network unreachable” - from my ISP’s border gateway, my other IPv6 connections, except towards Akamai, work okay.
My web server is (include version):
nginx 1.16.1
The operating system my web server runs on is (include version):
Gentoo Linux latest stable
My hosting provider, if applicable, is:
myself, ISP in use is TAL.de, AS8820.
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The problem, according to my ISP, is Akamai, as it seems to propagate wrong IPv6 routes to my ISP, rendering the OCSP responder hosted at Akamai unreachable from my network using IPv6 - IPv4 connectivity is good.
Another machine on a different ISP does not have the issue, but then my affected ISP is rather small. So far they’ve worked around it for a couple of machines at Akamai and will likely do so for the next bunch later today but advised again that Akamai seems to have provided them with invalid routing and asked if I could inform the organisation actually relying on Akamai services about the issue at hand, which I am doing here.
I don’t know if Let’s Encrypt or ISRG actually has some leverage to work on this, but I would be grateful if it was tried.