The Let’s Encrypt authority has discontinued support for OCSP. The problem occurred after a certificate exchange at the repo.turris.cz address.
As milkandhoney wrote.
This is a server side problem. I’m curious how the Turris team will handle this, because OCSP verification is enabled on the client (router) side, but the server certificate no longer provides this method. I doubt there is another way to bulk change/turn off this verification on the client side.
If they have a backup of the original certificate that should still be valid (Let’s Encrypt replaces them ahead of time), they can re-upload it to the server and issue a patch before the original one finally expires.
Fingers crossed 
I’m turning off updates for now, hopefully that will stop the SPAM 