Low level error: Certificate has expired or is not yet valid with Let's Encrypt certificate #240

Open
dntchi opened this issue Oct 18, 2021 · 0 comments

dntchi commented Oct 18, 2021

The issue has been appearing since the beginning of this month and seems to be related to the expiration of the Let's Encrypt certificate DST Root CA X3 (and its R3 intermediate) on Sep 30th 2021
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Steps to reproduce

  1. Have a Nextcloud installation on a server with a Let's Encrypt certificate (tested, working OK)
  2. Install the app on Android (tested on Android 6.0.1 on a Galaxy A5)
  3. Try to create an account in the app via https; click on "add an account"
  4. Type in the server URL (https), user and password
  5. Click sign in

Expected behaviour

The account should be created in the app.

Actual behaviour

Low level error: Get https://... /index.php/apps/ocsms/get/apiversion?format=json: x509: certificate has expired or is not yet valid.
See screenshot.

Server configuration

Nextcloud version: 19.0.13, also tested on 17.0.10 and 20.0.13 with same behaviour
PHP version: PHP 7.4.3
Webserver: Apache2
HTTPS: Let's Encrypt implemented by certbot

Client configuration

Android 6.0.1 on a Galaxy A5
Nextcloud SMS app version: 2.0.5

Initial Analysis

Given the expiration of the Let's Encrypt certificate mentioned above, the current certificate chains available from Let's Encrypt will be either:
Chain 1 (modern): (your cert) > R3 > ISRG Root X1
Chain 2 (legacy): (your cert) > R3 > ISRG Root X1 > DST Root CA X3

1st Test - I made sure my Apache2 server is using one of the chains described above (and not the expired version). This was done by checking my server on https://chainchecker.certifytheweb.com/
--> The test revealed I use Chain 2 - see screenshot below

2nd Test - the phone has the ISRG Root X1 certificate. This is not obvious for an old Android phone; however, the certificate can be installed either by installing Firefox or by following a manual method. https://www.stoutner.com/lets-encrypt-isrg-root-x1-and-privacy-browser/
--> I tested on my phone with the URL https://valid-isrgrootx1.letsencrypt.org/; it's working

As I understood from the Let's Encrypt documentation, the app should meet the following requirements: (https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/)

(A) Trust ISRG Root X1 (not just DST Root CA X3)
(B) if using OpenSSL, they must use version 1.1.0 or later. In OpenSSL 1.0.x, a quirk in certificate verification means that even clients that trust ISRG Root X1 will fail when presented with the Android-compatible certificate chain we are recommending by default.

---> In summary, could anybody confirm whether the app meets (A) and (B)? Or point me in the right direction in case this does not make any sense.
Many thanks!

Screenshot

[image: Capture_err]

[image: Chain_Check]

Other References

https://letsencrypt.org/docs/certificate-compatibility/
https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/#switching-to-chain-2-legacy
https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
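The error text quoted in the report ("x509: certificate has expired or is not yet valid") is the wording of Go's crypto/x509 verifier, so the following added example uses that verifier to reproduce the two situations the post describes: a client that trusts ISRG Root X1 (requirement A) verifying chain 1 and chain 2, and a client that only has the expired DST Root CA X3 failing with exactly that error on chain 2. This is example code written for this page, not code from the Nextcloud SMS app or from Let's Encrypt. Everything in it is constructed at run time: the host name `cloud.example.test`, the keys, and the five certificates (a DST Root CA X3 stand-in that expired "yesterday", a self-signed ISRG Root X1, the cross-signed ISRG Root X1 issued by the old root, R3, and a server leaf) are stand-ins that reuse the real names only so the chains read like the ones in the post.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"strings"
	"time"
)

// hostName is an assumed server name, not the reporter's host.
const hostName = "cloud.example.test"

// testPKI is a constructed stand-in for the hierarchy in the issue; all certs are generated at run time, none is real.
type testPKI struct {
	Now       time.Time
	Leaf      *x509.Certificate   // server certificate for hostName
	R3        *x509.Certificate   // intermediate issued by ISRG Root X1
	ISRGRoot  *x509.Certificate   // self-signed ISRG Root X1, still valid
	ISRGCross *x509.Certificate   // same ISRG key, cross-signed by DST Root CA X3
	DSTRoot   *x509.Certificate   // self-signed DST Root CA X3, already expired
	Modern    []*x509.Certificate // chain 1 as the server sends it: leaf > R3
	Legacy    []*x509.Certificate // chain 2: leaf > R3 > cross-signed ISRG Root X1 (DST never sent)
}

var nextSerial int64

func template(cn string, ca bool, notBefore, notAfter time.Time) *x509.Certificate {
	nextSerial++
	t := &x509.Certificate{SerialNumber: big.NewInt(nextSerial), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: ca, BasicConstraintsValid: true}
	if ca {
		t.KeyUsage = x509.KeyUsageCertSign
	} else {
		t.DNSNames, t.ExtKeyUsage = []string{hostName}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

func buildPKI() (*testPKI, error) {
	var err error // first failure; once set, sign becomes a no-op and it is returned below
	var keys [4]*ecdsa.PrivateKey
	for i := range keys {
		if keys[i], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return nil, err
		}
	}
	dstKey, isrgKey, r3Key, leafKey := keys[0], keys[1], keys[2], keys[3]
	// sign issues tmpl over subjKey's public key; passing tmpl as its own parent self-signs it.
	sign := func(tmpl, parent *x509.Certificate, subjKey, parentKey *ecdsa.PrivateKey) (c *x509.Certificate) {
		if err != nil {
			return nil
		}
		var der []byte
		if der, err = x509.CreateCertificate(rand.Reader, tmpl, parent, &subjKey.PublicKey, parentKey); err == nil {
			c, err = x509.ParseCertificate(der)
		}
		return c
	}
	now, day := time.Now(), 24*time.Hour
	p := &testPKI{Now: now}
	// The old root expired yesterday, standing in for 2021-09-30.
	dst := template("DST Root CA X3", true, now.Add(-7300*day), now.Add(-day))
	p.DSTRoot = sign(dst, dst, dstKey, dstKey)
	isrg := template("ISRG Root X1", true, now.Add(-2000*day), now.Add(3650*day))
	p.ISRGRoot = sign(isrg, isrg, isrgKey, isrgKey)
	// Cross-sign: same subject and key as ISRG Root X1, issued by the old root and outliving it.
	p.ISRGCross = sign(template("ISRG Root X1", true, now.Add(-2000*day), now.Add(1000*day)), p.DSTRoot, isrgKey, dstKey)
	p.R3 = sign(template("R3", true, now.Add(-400*day), now.Add(1400*day)), p.ISRGRoot, r3Key, isrgKey)
	p.Leaf = sign(template(hostName, false, now.Add(-30*day), now.Add(60*day)), p.R3, leafKey, r3Key)
	if err != nil {
		return nil, err
	}
	p.Modern = []*x509.Certificate{p.Leaf, p.R3}
	p.Legacy = []*x509.Certificate{p.Leaf, p.R3, p.ISRGCross}
	return p, nil
}

// verifyChain plays the client: it trusts only roots, receives served (leaf first) and must build a path at time now.
func verifyChain(now time.Time, served []*x509.Certificate, roots ...*x509.Certificate) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	for _, c := range served[1:] {
		interPool.AddCert(c)
	}
	_, err := served[0].Verify(x509.VerifyOptions{DNSName: hostName, Roots: rootPool, Intermediates: interPool, CurrentTime: now})
	return err
}

// reportsExpiry matches the issue's error; newer Go wraps it in an "unknown authority" hint, older Go returns it directly.
func reportsExpiry(err error) bool {
	return err != nil && strings.Contains(err.Error(), "certificate has expired")
}
```

With ISRG Root X1 in the trust store, `verifyChain` accepts both chains: when it reaches R3 it finds the trusted self-signed ISRG Root X1 by name and stops there, instead of following the served cross-signed copy down to the expired DST Root CA X3. That preference for a trusted root over the served chain is exactly what requirement (B) is about: a verifier with the OpenSSL 1.0.x behaviour follows the served chain to DST Root CA X3 and fails even though ISRG Root X1 is trusted. With only DST Root CA X3 trusted, chain 2 fails with the expiry message quoted in the report and chain 1 fails with an unknown-authority error. The same comparison against a real server can be made by feeding the output of `openssl s_client -connect host:443 -servername host -showcerts` into the served list instead of the constructed certificates.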

@dntchi dntchi changed the title Low level error: Certificate has expired or is not yet valid Low level error: Certificate has expired or is not yet valid with Let's Encript certificate Oct 22, 2021
@dntchi dntchi changed the title Low level error: Certificate has expired or is not yet valid with Let's Encript certificate Low level error: Certificate has expired or is not yet valid with Let's Encrypt certificate Oct 22, 2021