To add a bit more info, I see your site is using a Go Daddy G2 (SHA2) cert.
In that case, here is the intermediate/root chain you'll want to use as
ssl_trusted_cetificate.
C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc.,
OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate
This configuration is working for me. Perhaps nginx cannot verify the OCSP
response with the bundle in /etc/pki/tls/certs/ca-bundle.trust.crt ? In my
ssl_trusted_certificate file, I have these certificates, in order.
C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification
Authority
C
