Use SSL Labs to check your site for certificate chain issues. Browsers often work around those issues when you’ve previously visited a site using Let’s Encrypt (which puts the intermediate certificate in your cache), but Packagist probably doesn’t do that. If you’re using the official client, make sure you’re using
chain.pem somewhere in your web server configuration, and not just
cert.pem. (With recent versions of nginx and apache, it should probably be
If there are no chain issues, it’s possible that the root certificate Let’s Encrypt uses isn’t included in Packagist CA file. If that’s the case, there’s not much you can do on your end, other than asking them to add the DST X3 root certificate to their trust store.