Update: R3 (cross-signed by IdenTrust) has now expired.
On Sep 29 19:21:40 2021 GMT an intermediate certificate by Let's Encrypt called "R3" has expired. There are two versions of R3, one signed by Let's Encrypt/ISRG and one
signed by IdenTrust. While the Let's Encrypt version of R3 still has about 4 years left of lifetime, the IdenTrust version has already expired. This is related to the
expiry of DST Root CA X3 itself.
You should not use this intermediate certificate anymore.
R3 cross-sign has expired!