I would usually say that curl can't find the trust store, but that doesn't fit with the other facts here. Sometimes servers are misconfigured and do not send the required intermediate certificates, but the server on https://app.ccgopvt.org:443 is sending the chain correctly (I just checked).
I think something weird is going on with the PHP-curl bridge. What's the error message you're getting when trying without CAINFO?
There's actually two root certificates for Let's Encrypt. Let's Encrypts parent organization, the Internet Security Research Group (ISRG) owns a root called "ISRG Root X1", which is hopefully in your trust store (not sure though, since your Debian version is rather old).
However, that root is relatively new (in stores since approx ~2016) and so Let's Encrypt is using a second root from a different CA, called "DST Root CA X3". This has ensured broad compatibility in the past.
The chain used is currently in the process of being changed, see Production Chain Changes.
Right now your website is still using the older pre-May 4 chain (no change here), but upon the next renewal that will change.