An announcement was made earlier that changes would occur in september with certificates that would be deprecated and we are down on all three servers is there anything we can do this is
a crisis for us
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Have you tried rebooting? All of your servers appear to be responding to basic TLS requests with the now expired R3 chain. I'm not sure why the full web requests would be timing out though. Do they connect to any back end servers over TLS as well that might be failing?
2008 R2 is way out of support at this point. So there hasn't been a lot of testing on how this expiry would affect it. But the reboot may force IIS to switch to the newer non-expired R3 chain.
If not, you may need to do some checking in the Windows cert stores to make sure the ISRG Root X1 cert is in the Trusted Roots store and possibly some additional tweaking in the Intermediate store.