@psh2000 I've moved your post into its own thread, as this (almost certainly) has nothing to do with Certbot, as Certbot simply gets certs from the CA and cannot modify the contents in any way.
Are you sure the failing cert was issued by R3? Two days ago, Let's Encrypt changed the intermediates used for signing the certs. See Deploying Let's Encrypt's New Issuance Chains for more info.