Thanks for the welcome @rg305. Out of curiosity, wouldnt that be disproved by the fullchain working?
When dumping the cacerts based on 'isrg'
keytool -list -keystore /usr/lib/jvm/jdk-22.0.2/lib/security/cacerts -v | grep -i 'isrg'
Alias name: isrgrootx1 [Manually imported]
Owner: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Alias name: letsencryptisrgx1 [jdk]
Owner: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Alias name: letsencryptisrgx2 [jdk]
Owner: CN=ISRG Root X2, O=Internet Security Research Group, C=US
Issuer: CN=ISRG Root X2, O=Internet Security Research Group, C=US
It seems like the files are present in the local cacerts. Unless I am confusing this with something else?