One of our application started to warn users about certificate revocation status. I captured the network traffic with Wireshark and found that the OCSP response of was like:
thisUpdate: 2016-12-05 04:00:00 (UTC)
nextUpdate: 2016-12-12 04:00:00 (UTC)
The nextUpdate value matches the time that the problem appeared. I double-checked the OCSP status of our site with https://www.pkicloud.com/tools.html and the result was the same.
Did I miss something to keep the OCSP updated?