Help thread for DST Root CA X3 expiration (September 2021)

For those who have servers running on Ubuntu, with Certbot managing certificates: I have forced the renewals using ISRG Root X1. This way the new certificates don't contain the chain of DST Root CA X3, and this did the trick for us.

To do that, first check if your certbot version is < 1:

sudo certbot --version

If so, you have to remove it and reinstall using snap:

sudo apt-get remove -y certbot python3-certbot-apache
sudo snap install certbot --classic
sudo ln -s /snap/bin/certbot /usr/bin/certbot

After reinstalling, or if your certbot version is > 1, force the renewal:

sudo certbot renew --force-renewal --preferred-chain "ISRG Root X1"

I have also used this site, https://www.digicert.com/help/, to check my certificates before and after renewing, to verify whether the DST X3 chain was removed.

11 Likes
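
The version check and the before/after chain check from the post above can also be done locally with openssl. This is an added example, not part of the original post: the function names are hypothetical, the sample issuer lines are constructed, and the bundle path assumes Certbot's default `/etc/letsencrypt/live/<name>/fullchain.pem` layout.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Exit 0 when `certbot --version` output ($1) reports a major version below 1.
certbot_needs_reinstall() {
    _ver=$(printf '%s\n' "$1" | awk 'NF {print $NF; exit}')
    _major=${_ver%%.*}
    case "$_major" in
        ''|*[!0-9]*) return 2 ;;    # could not parse a version number
    esac
    [ "$_major" -lt 1 ]
}

# Print subject/issuer for every certificate in a PEM bundle such as
# /etc/letsencrypt/live/<name>/fullchain.pem (assumed default Certbot layout).
chain_issuers() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Read that listing on stdin and name the chain the bundle serves.
# Only issuer lines are considered, so a subject naming ISRG Root X1 is ignored.
classify_chain() {
    _issuers=$(grep -i '^issuer' || true)
    case "$_issuers" in
        *"DST Root CA X3"*) echo "dst-x3" ;;    # cross-sign still in the bundle
        *"ISRG Root X1"*)   echo "isrg-x1" ;;   # chain ends at ISRG Root X1
        *)                  echo "unknown" ;;
    esac
}

# Constructed sample: issuer lines of a bundle that still ends in the cross-sign.
SAMPLE_OLD_CHAIN="issuer=C = US, O = Let's Encrypt, CN = R3
issuer=C = US, O = Internet Security Research Group, CN = ISRG Root X1
issuer=O = Digital Signature Trust Co., CN = DST Root CA X3"

# On a server:
#   certbot_needs_reinstall "$(certbot --version 2>&1)" && echo "reinstall via snap"
#   chain_issuers /etc/letsencrypt/live/<name>/fullchain.pem | classify_chain
```

A result of `dst-x3` after renewal means the bundle on disk still carries the cross-signed certificate; `isrg-x1` means the renewal with `--preferred-chain "ISRG Root X1"` took effect.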