Welcome to the Let's Encrypt Community 
This is likely owing to the recent DST Root CA X3 root certificate expiration and the fact that member.kcdb.net is serving the "short chain".
You can see what member.kcdb.net is serving here:
Note that there are only two certificates being served rather than three, which indicates the short chain.