I'm using certbot with dns-standalone authenticator using the command:
certbot certonly --config-dir . --preferred-challenges dns --authenticator certbot-dns-standalone:dns-standalone -d sitename
This works fine but I just checked the fullchain.pem and it seems the root certificate in the chain is the
Serial Number:
40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
Validity
Not Before: Jan 20 19:14:03 2021 GMT
Not After : Sep 30 18:14:03 2024 GMT
Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Any reason why this certificate that isn't the self signed CA one but still signed by DST Root CA X3 is still being used, as that is going to expire in a few months.