This is a solution for servers with DirectAdmin and custombuild only.
Here is a patch for Let's Encrypt script from DirectAdmin to force it to use "DST Root CA X3" instead of "ISRG Root X1" when issuing SSL certificates:
For installation run as root:
mkdir -p /usr/local/directadmin/custombuild/custom/hooks/letsencrypt/post/
wget -O poralix_patch_chain.sh https://raw.githubusercontent.com/poralix/directadmin-utils/master/letsencrypt/poralix_patch_chain.sh
chmod 750 poralix_patch_chain.sh
The patch will be applied automatically every time by running command:
or you might execute the sctipt manually as needed:
or with cron.