This does sound like an issue on your side (i.e. the side of your website).
The certificate provided by the server is fine and it is accepted by almost all browsers - the problem is that a lot of older servers do not have the (relatively) new root certificate in their trust store so a lot of automated stuff is throwing errors at the moment.
I don’t know your exact site so I took an arbitrary hosted-by-discourse.com site and ran it through the Qualys SSL Server Test.
You can see that root of the second certification path is indeed expired, but this is mitigated by the ISRG Root X1 certificate being in the trust store (i.e. included in your browser and/or operating system) for the first certification path.
Servers typically do not update their trust store often so your server probably does not have the ISRG Root X1 certificate in its trust store. (That is what happened to the mail-receiver Docker image as well).
You can find a current bundle on for instance https://curl.se/ca/cacert.pem. On CentOS that file goes into /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem. On Ubuntu you can use the update-ca-certificates command which updates /etc/ssl/certs/ca-certificates.crt.
Alternatively, you could temporarily disable SSL certificate verification in your server code.