letsencrypt / zerossl not working any longer due to dst root ca x3 expiration


It seems that when you want to renew using acme or letsencrypt for a mail.domain.com certificate, for some reason, it’s using the dst ca x3 root certificate. And, well, it is now officially expired. Any ideas on how to avoid using that specific root certificate and use another one?