Yes, perhaps the CA bundle or store is outdated. But, the LE certs don't have to be reissued if that's the case. The LE certs are fine. It could be the server or client is just misconfigured instead. As noted, I don't know OpenVPN well enough to say.
That said, it might be necessary to use the "short chain" rather than the default "long chain". The message about local issuer cert usually means your application CA bundle (or CA store) does not have the ISRG Root X1 cert in it. In that case using the short chain won't help. I just mention this as some apps don't handle the expired intermediate in the default long chain properly.
Here are two links about the chain but it does "feel" like it is related to the CA store more than the chain.
Summary about short and long chains
Longer explanation about the chains