Here is what I believe happened -- All my certificates when verified by Cpanel's AutoSSL logic failed verification due to the expired X3 certificate. As a result all my certificates got resubmitted to LetEncrypt to get updated however the update process didn't update the it CA Bundle since technically the R3 certificate hadn't changed. Sadly that meant it didn't reset the certificate above in the chain that so the old X3 certificate hung around.
Anyway the cure was to manually delete the CA bundle certificates presented by CPanel. It had to be done on every domain.
Now the SSL update AUTOSSL check runs clean and all I likely need to do is wait it out to get my mail certificate back on LE.
The crux of the problem was that Auto SSL kept hitting LE with requests since all certificates failed due to the CA chain not being properly updated.
So for others using CPanel -- go into your SSL/TLS page, select Manage SSL Sites, then call up all your site and clear the CA Bundle information -- CPanel will re-upload with the correct value. HTH -- It worked for us.