To fix this you need to make your server use (serve) the correct chain. In some cases, the expiry of the root (and its related expiring R3 intermediate certificate) may causes certificates to be considered untrusted or invalid.The DST Root CA X3 root certificate expired September 30 14:01:15 2021 GMT. The version of the R3 intermediate signing certificate which chains to DST Root CA X3 expired September 29 19:21:40 2021 GMT. The guidance in this article is aimed at all Windows users with Let's Encrypt related issues, for any ACME client. Certify The Web is the most popular desktop UI for ACME certificate management and includes commercial support via email to our helpdesk.