Lets Encrypt certificate error - 30/09/2021

Boss's iDevices are all not loading an of our Lets Encrypt secured sites, saying they have expired on the 30th of September.

This is the expiration of the DST Root CA X3 that cross signed the Lets Encrypt root CA - ISRG Root x1

The ISRG Root x1 certificate doesn't expire till 2035, and is apparently trusted in iOS 10+ and MacOS 10.12+ but we're still seeing the DST Root CA X3 as the trusted root.

I'm trying to fix it remotely but I can't figure out why its a problem. His macbook, iPad and the big boss's iDevices are also all not working, but all our Windows and Android devices are just fine.

They can't even open the test site - https://valid-isrgrootx1.letsencrypt.org

How do we get these iDevices to work? I feel like we need to somehow push them over to the ISRG root, possibly be deleting the DST root cert but these are BYOD and we have never done any apple device provisioning / MDM so I don't see any way to fix it at all let alone remotely.

I also assume I'm not the only one with this issue but searching for this shows up a lot of info about older devices as its expected to be a problem. an iPhone 12 isn't an old device though so why that's having an issue is confusing - I just need a fix and hopefully others can let me know if their new devices are having issues or not