wget: “Issued certificate has expired” after September 30, 2021

Two websites that I download data from using automated processes stopped giving me new data from October 1. When I investigated the problem, I could see an error message from the wget program in Linux:

Connecting to SOME.HOSTNAME (SOME.HOSTNAME)|1.2.3.4|:443… connected.
ERROR: cannot verify SOME.HOSTNAME’s certificate, issued by ‘/C=US/O=Let’s Encrypt/CN=R3’:
Issued certificate has expired.
To connect to SOME.HOSTNAME insecurely, use `--no-check-certificate'.

The quick fix, obviously, was to add --no-check-certificate to the command line, which allows the download to go ahead by skipping certificate verification, but what’s the root cause? My assumption was that the site owner had let an SSL certificate expire, but after it happened with a second site from the same date, I got suspicious. It turns out that Let’s Encrypt, which many websites use for free encryption certificates, previously had a certificate that expired on September 30. It has been replaced by a new certificate, but many pieces of software don’t retrieve the new certificate. That’s because it’s signed with a new root certificate that a lot of older software doesn’t trust yet. They need an update of the root certificate store.

In my case, running

sudo yum update

would update the ca-certificates package and that allowed wget to trust the new certificate.
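
The reasoning above (a second site failing from the same date pointed at the client rather than at each site owner) can be applied to the saved logs of automated downloads. The following is an added example, not part of the original post: it groups wget certificate failures by issuer and reason. The function names, the hint labels, the a/b/c.example hosts and the "Example CA" issuer are constructed for illustration, and the hint is a heuristic, not proof.

```shell
#!/bin/sh
# Added example: group wget certificate failures by issuer and reason.
# Several unrelated hosts failing under one issuer suggests a stale local
# CA store rather than a lapse by each site owner (heuristic only).

wget_cert_failures() {   # usage: wget_cert_failures [LOGFILE...] (or stdin)
    awk '
    /^ERROR: cannot verify / {
        host = $0; sub("^ERROR: cannot verify ", "", host)
        match(host, "^[A-Za-z0-9._:-]+"); host = substr(host, 1, RLENGTH)
        issuer = $0; sub("^.*issued by ", "", issuer)
        sub("^[^A-Za-z/]+", "", issuer)      # drop opening quote (any encoding)
        sub("[^A-Za-z0-9]+$", "", issuer)    # drop closing quote and colon
        pending = 1; next
    }
    pending {                                # line after ERROR holds the reason
        reason = $0; sub("^[ \t]+", "", reason); sub("[.]$", "", reason)
        key = issuer "\t" reason
        if (!seen[key, host]++) {            # count each host once per group
            n[key]++
            hosts[key] = hosts[key] (hosts[key] ? "," : "") host
        }
        pending = 0
    }
    END {
        for (k in n) {
            hint = (n[k] > 1) ? "check-local-ca-store" : "check-site-certificate"
            printf "%d\t%s\t%s\t%s\n", n[k], k, hosts[k], hint
        }
    }' "$@" | sort -rn
}

# Constructed sample log (not real captures); both wget quoting styles appear.
sample_wget_log() {
    cat <<'EOF'
Connecting to a.example (a.example)|192.0.2.1|:443... connected.
ERROR: cannot verify a.example’s certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
  Issued certificate has expired.
To connect to a.example insecurely, use `--no-check-certificate'.
ERROR: cannot verify b.example's certificate, issued by `/C=US/O=Let's Encrypt/CN=R3':
  Issued certificate has expired.
ERROR: cannot verify a.example's certificate, issued by `/C=US/O=Let's Encrypt/CN=R3':
  Issued certificate has expired.
ERROR: cannot verify c.example's certificate, issued by `/C=XX/O=Example CA/CN=Example Issuing CA':
  Issued certificate has expired.
EOF
}

sample_wget_log | wget_cert_failures
```

Each output line is tab-separated: host count, issuer, reason, hosts, hint. A group with more than one host is the case where updating the ca-certificates package is the first thing to try.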
Please see these links for more information: