diff --git a/client/certgrinder/certgrinder.py b/client/certgrinder/certgrinder.py
index 631513a3..52a7900a 100644
--- a/client/certgrinder/certgrinder.py
+++ b/client/certgrinder/certgrinder.py
@@ -1047,7 +1047,12 @@ def load_ocsp_response(
 """
 with open(path, "rb") as f:
 ocsp_response_data = f.read()
- return ocsp.load_der_ocsp_response(ocsp_response_data)
+ try:
+ return ocsp.load_der_ocsp_response(ocsp_response_data)
+ except ValueError:
+ # try loading without trailing char, see more at
+ # https://github.com/tykling/certgrinder/issues/759
+ return ocsp.load_der_ocsp_response(ocsp_response_data[:-1])
 
 def get_ocsp(
 self,
diff --git a/docs/certgrinder-changelog.rst b/docs/certgrinder-changelog.rst
index 3a36c954..ef3bf300 100644
--- a/docs/certgrinder-changelog.rst
+++ b/docs/certgrinder-changelog.rst
@@ -9,6 +9,16 @@ All notable changes to ``certgrinder`` will be documented in this file.
 This project adheres to `Semantic Versioning `__.
 
 
+
+Unreleased
+----------
+
+Fixed
+~~~~~
+
+- Workaround LetsEncrypt OCSP responder bug causing ``ValueError: error parsing asn1 value: ParseError { kind: ExtraData }`` when loading some OCSP responses. Details at https://github.com/tykling/certgrinder/issues/759
+
+
 v0.20.0-beta2 (10-jan-2025)
 ---------------------------
 
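Review bot: The new `except ValueError:` branch in `load_ocsp_response` retries with the last byte dropped for every parse failure, so an empty, truncated or otherwise corrupt file is also re-parsed minus one byte, and whichever byte trails the response is discarded without being inspected. Since the workaround targets only the `ExtraData` case from issue 759, the retry could be limited to it, e.g. `except ValueError as e:` followed by `if "ExtraData" not in str(e): raise`, and a warning logged whenever the trimmed parse is used so an operator can see that a malformed response was accepted. The file at `path` still holds the extra byte, so any other consumer of that file would presumably hit the same parse error; whether the code that saves the response should trim it is not visible here. The function's signature and docstring start above this hunk.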