The old /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt Let's Encrypt certificate that has expired.
The "best" solution seems to be to delete the certificate. This is fine because the new non-expired
/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt certificate is still available.
The old
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crtLet's Encrypt certificate that has expired.The "best" solution seems to be to delete the certificate. This is fine because the new non-expired
/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crtcertificate is still available.See the post at https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ for more explanation.