I’ve requested new certificates for all important domains and those seem to work for now… Not sure how feasible that is for everyone.
I wasn’t aware that OCSP was this fragile. I’ve been trying to pitch LetsEncrypt as a reliable alternative to my boss, but this is not helping 