TL;DR;
$ sudo sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
$ sudo update-ca-certificates
https://medium.com/geekculture/will-you-be-impacted-by-letsencrypt-dst-root-ca-x3-expiration-d54a018df257
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
server certs要把旧的x3删掉了
要不然server side 验证应该都失败啦