An OCSP server somewhere in your certificate chain is broken.

Maybe the OCSP server might not know about the cert yet if it is very new.

By building ''iPXE'' with ''DEBUG=ocsp'' you can see the offending certificate IDs.