Each thing that connects to your website will resolve the certificate chain in it's own way - (windows, android, command line tools etc) all these build your certificate chain using different techniques.
Your certificate chain is plaza82.es R3 ISRG Root X1 (issued by DST Root CA X3) - so things connecting to your site which trust the newer ISRG Root X1 cert will stop at ISRG Root X1 and work OK. Things that don't know ISRG Root X1 will continue and use DST Root CA X3, which they then may or may not trust depending on whether they reject expired roots or not (android doesn't, some versions of openssl do).
I'm assuming your curl is reading from this website? Or do you have a PHP curl running within that site connecting to something else? Each 'client' works differently and needs to be up to date.
That's correct. I have PHP curl running that throws me errors: "Image optimization API error: Request exception: Requests_Exception MSG: cURL error 60: SSL certificate problem: certificate has expired Code: 0"
It is a WordPress Plugin. I do not know but PHP Curl probably connects to some external URL. Do you think the problem can be in the external URL and not in my server?
Update: I checked ssllabs test details and I found that I get 2 certification paths. The first is trusted but the second is not.
If you can't update system certificates for some reason, you may try to specify root certificate bundle in your php.ini. For example, put the latest cacert.pem from https://curl.se/ca/cacert.pem to /etc/ and add it to php.ini:
This happens because your php_curl is built against OpenSSL/1.0.1t, and old OpenSSL versions fail when there is an expired certificate in the chain even if the chain contains trusted certificate (for example, leaf cert > R3 > ISRG Root X1 > DST Root CA X3, even if ISRG Root X1 is valid). Probably your cacert.pem contains the expired DST Root CA X3, but the latest cacert.pem from the Curl website does not.
Thanks. That makes sense.
I already did the workaround 1 from this article but didn't do the trick.
However, I did manage to speak with the developer of the plugin throwing the error message and he told me the CURL call he is doing in PHP code is relying in the WordPress bundle certificate. That certificate was expired so I downloaded the current version from WordPress, replaced it and IT IS WORKING now.