This will also be an issue with some docker images built some years ago with an outdated cert store somewhere in there. Unmaintained images are, in effect, frozen in time.
I'll just mention glassfish here in case someone in the near future wonders why this or that application is failing: it has it's own cert store (different from the JVM one), and it is a bit out of date. Yes, I just ran into a github project whose last commit was 3 months ago (march 2020) and that wouldn't work with LE certificates, all because deep down the docker matrioshka, there was a glassfish with outdated certs.
I'll just mention glassfish here in case someone in the near future wonders why this or that application is failing: it has it's own cert store (different from the JVM one), and it is a bit out of date. Yes, I just ran into a github project whose last commit was 3 months ago (march 2020) and that wouldn't work with LE certificates, all because deep down the docker matrioshka, there was a glassfish with outdated certs.