Can't verify certificates issued by letsencrypt

If anyone got here regarding the Let's Encrypt DST Root CA X3 expiration (September 30):

DO NOT RUN apt purge ca-certificates
This will literally remove certbot from your system and all SSL certificates generated by certbot.
If you have multiple vhosts on your machine using Let's Encrypt certificates, running this command is going to break all of them, making it impossible to even restart Apache, which was my case.

I unfortunately ran it, but thanks to my colleague, we were able to revert the situation by first disabling all vhosts using a2dissite, then reinstalling certbot, updating ca-certificates, and then regenerating all SSL certificates using certbot. Quite a headache.

To fix the original problem on my Ubuntu 16.04 machine, I just followed the steps mentioned on this thread:

To do that, first check if your certbot version is < 1:

sudo certbot --version

If so, you have to remove it and reinstall using snap:

sudo apt-get remove -y certbot python3-certbot-apache
sudo snap install certbot --classic
sudo ln -s /snap/bin/certbot /usr/bin/certbot

After reinstalling, or if your certbot version is > 1, force the renewal:

sudo certbot renew --force-renewal --preferred-chain "ISRG Root X1"

If you're using MySQL and you are having memory problems trying to install snap, try to disable MySQL, install it, and then enable it again.

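The version check and the renewal in the post above can be wrapped in two checks: one before deciding to reinstall, one after renewing to confirm the stored chain no longer leads to DST Root CA X3. This is an added example, not part of the original post. The function names are hypothetical, `DOMAIN` is a placeholder, and the `list_chain` helper assumes `openssl` is installed.

```shell
#!/usr/bin/env bash
# Added example: checks around the certbot steps described in the post.
# Function names are hypothetical; DOMAIN below is a placeholder.

# Print the major version from `certbot --version` output, e.g. "certbot 0.31.0".
certbot_major() {
    printf '%s\n' "$1" | sed -n 's/^certbot \([0-9][0-9]*\)\..*/\1/p'
}

# Exit 0 when the reported version is below 1 (the post's condition for the
# snap reinstall), 1 when it is 1 or newer, 2 when the output cannot be parsed.
needs_snap_reinstall() {
    major=$(certbot_major "$1")
    [ -n "$major" ] || return 2
    [ "$major" -lt 1 ]
}

# Print the subject= and issuer= lines for every certificate in a PEM bundle.
list_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Read subject=/issuer= lines on stdin; exit 0 if any certificate in the
# bundle was issued by the expired DST Root CA X3. The pattern matches both
# the old "/O=.../CN=..." and the newer "O = ..., CN = ..." openssl formats.
chain_uses_dst_root() {
    grep -q '^issuer=.*DST Root CA X3'
}

# Usage on a real host (old certbot releases print the version on stderr):
#   needs_snap_reinstall "$(certbot --version 2>&1)" && echo "reinstall via snap"
#   list_chain /etc/letsencrypt/live/DOMAIN/chain.pem | chain_uses_dst_root \
#       && echo "chain still leads to DST Root CA X3"
```
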