An OCSP server somewhere in your certificate chain is broken.
Maybe the OCSP server might not know about the cert yet if it is very new.
By building iPXE with DEBUG=ocsp you can see the offending certificate IDs.
iPXE
DEBUG=ocsp