TL;DR;
$ sudo sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
$ sudo update-ca-certificates
https://medium.com/geekculture/will-you-be-impacted-by-letsencrypt-dst-root-ca-x3-expiration-d54a018df257
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
server certs要把舊的x3刪掉了
要不然server side 驗證應該都失敗啦