The DST Root CA X3 certificate is not part of the default ca-certificates package from Mozilla, and likely not found into your certs/ folder - unless you manually added it *and* updated your certificate hooks (via update-ca-cerificate shell script).
Alternatively, if you are using certbot to renew your certificates, add flag --preferred-chain "ISRG Root X1", so it uses the self-signed certificate and not the cross-signed ISRG Root Certificate, signed by the DST Root CA.
For more info on the LE certificate chain, see
https://letsencrypt.org/certificates/ .
Hope this helps - it works like a champ over here with the self signed cert and the flags I originally sent you above.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)