The OCSP Responder certificate is used by the ISE Internal CA as part of the BYOD services.
What is the reason for renewing the OCSP Responder certificate? If it is expiring/expired, the ISE Root CA that signed that certificate is likely also expiring/expired.
Have you tried replacing the entire ISE Root CA chain? If so, and you are getting the same error, you will likely need to open a TAC case. I have seen that error referenced in other TAC cases related to Internal CA issues after an upgrade from an earlier version of ISE. The TAC engineer might have to issue a temporary Plus license to resolve the issue.
As for the CA, EST, and OCSP services Not Running on the Admin and MnT Nodes, this is normal. Only the PSNs run these services as they are the nodes that issue certificates to the endpoints.
Please note that ISE 2.3 is past the milestone for End of Software Maintenance so there will be no more patches for this version. It will also reach End of Support on 17 July 2020. You should strongly consider upgrading to a supported version ASAP.