Apologies if I’m reading your text incorrectly, but it sounds like you think configuring a OCSP server in this Kemp device will help auto-renew your certificates from Let’s Encrypt. That won’t be the case. OCSP is strictly for checking if a certificate has expired, it will not reissue. The device would need to support ACME and Let’s Encrypt directly.
If you are just trying to configure OCSP for this device to do look-ups (perhaps for stapling?) the Let’s Encrypt OCSP server for the X3 Intermediate (the one currently being used) is
ocsp.int-x3.letsencrypt.org/. The port would be
80. We do not offer OCSP over TLS so leave “use SSL” unchecked.
Note 1: Again, I’m totally unfamiliar with Kemp If the OCSP Server Settings are used to perform OCSP lookups for arbitrary TLS certificates as part of some kind of proxying feature then you will likely not want to use the Let’s Encrypt OCSP server for this purpose. That server will only have OCSP information for certificates we issue.
Note 2: You can extract the OCSP URL from a Let’s Encrypt certificate’s “Authority Information Access” (AIA) section using
openssl. That’s where I obtained it. The command is:
openssl x509 -in /path/to/a/letsencrypt/cert.pem -noout -text | grep "OCSP"