Welcome to the Let's Encrypt Community
This is likely owing to the recent DST Root CA X3 root certificate expiration and the fact that member.kcdb.net
is serving the "short chain".
You can see what member.kcdb.net
is serving here:
Note that there are only two certificates being served rather than three, which indicates the short chain.