Problem solved.
Replaced .ca file with the new pem file in server and it is now working.
The problem was virtualmin, they didn't update their software to work with the new issuer and broke my app with "Untrusted" incomplete certificate.
Sorry. Everything is good now.
Thank you.